CHAPTER 11 ACCESS CONTROLS

11.1 ACCESS CONTROL PROGRAM

Previous chapters deal with administrative policies for allocating resources. For example, Chapter 10 describes the policy decisions you can make regarding the scheduler, and Chapter 8 describes the policy decisions you can make regarding tape drive allocation and labeled tape support.

In addition, you can make policy decisions that govern the access to specific system resources. For instance, TOPS-20 allows a user to change the speed of a terminal, assign a device, log in at any time of day, mount a magnetic tape, and mount a disk structure. However, you may want to restrict or disallow use of some of these facilities. You may want only specified users at specified times of the day and, perhaps, at specified terminals, to use certain facilities. A particular mechanism lets you control the access to such resources and services. With it, you have an additional means for collecting accounting or other information.

To use this access control mechanism, you must write an access control program that carries out your policy decisions. An access control program can control scheduling classes, the bias control, batch background queue, logging in, use of physical resources (tape drives, terminals, structures), and enabling capabilities. When a user requests a resource (like ASSIGN TTY34:), your program identifies the user, the user's controlling terminal, and the type of request being made. Your program can merely log this information in a file, or make a decision and tell the monitor to either grant or deny the request.

DIGITAL provides the necessary mechanisms (monitor calls) to implement a program at your installation. Your system programmer uses the appropriate monitor calls to write an access control program according to the requirements of your system. A sample access control program this facility to certain applications only,

Allow Login

user. In addition, the login function can be used to control the number of jobs that a user can create under PTYCON.

Create Processes (Forks)

You can prevent a user from creating more than a predefined number of processes. Also, you may want to charge users for using many processes.

Set Terminal Baud Rate

You can control the input and output speed settings on all terminals.

This control prevents users from changing the baud rate to a speed that is unsupported by the terminal, and, as a result, rendering the terminal unusable until the operator resets the baud rate. You can also restrict the speed of a terminal to no more than a specified maximum, for example, 300 baud.

Logout

You can request the access control program to notify you or record information in an accounting file each time a user logs off the system. You may also want to keep track of the users who log out and are over their permanent disk page quota. The access control program can notify the operator that a migration-trim-run is needed for this directory to bring the directory back under its quota. If you use the login function with the logout function, you can give the user who is logging out information about time, resources, and perhaps money spent.

Set ENQ Quota

TOPS-20 allows enabled WHEELS to change the ENQ-DEQ quota. By using the ENQ quota function in your access control program, you can allow users other than WHEELS to change the ENQ-DEQ quota. (The TOPS-20 Monitor Calls Reference Manual describes the uses of ENQ-DEQ.)

Create Directory

You can prevent users from giving the BUILD, SET DIRECTORY, or ^ECREATE command to create directories or change parameters. Or, you may simply request the access control program to notify you of the people who have used these commands. You may want the operator to police these directories and check the parameter changes.

Mount a Structure

You can control access to certain structures by allowing only a select group of users to give the MOUNT command for a particular structure(s). This facility is used in conjunction with regulated structures. (The TOPS-20 Operator's Guide describes REGULATED and NON-REGULATED structures.) Also, information about structure mounts can be recorded in accounting files.

Enter MDDT

You can disallow privileged users from entering MDDT mode. For example, during certain times of the day, you may not want enabled WHEELS looking at or fixing a problem in the monitor. You may also want to keep a record of who has used MDDT.

Class Assignment

You can prevent users from changing to unauthorized scheduling classes. The access control program determines the classes a job can use.

Set Class at Login

The access control program can set a user's class at log in. Your program can contain (or access a file that contains) the list of users and their associated class.

MT Access Request

You can have the access control program decide whether a user should be allowed to access a restricted labeled tape from a non-TOPS-20 system. For example, if a non-TOPS-20 labeled tape is mounted with a nonblank access code in the access field, you can have your program decide if this user can use this tape. (The TOPS-20 Tape Processing Manual describes the access fields on labeled tapes.)

ACCESS/CONNECT Request

The access control program can determine if an ACCESS or CONNECT request to a directory should succeed in cases where the request is denied by the monitor. For example, the TOPS-20 monitor allows an ACCESS or CONNECT request to succeed when appropriate criteria are met. These are:

o The requesting process has WHEEL or OPERATOR capabilities enabled.

o The target directory is in the same group as the job's "accessed" directory.

o The target structure is DOMESTIC and the target directory name matches the logged-in directory of the job.

o The correct password is specified.

If all of the above criteria fail, the monitor denies the request.

The access control program can be called to approve or override the denial.
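The two-stage decision described above, as an added Python model (not DIGITAL's sample program and not TOPS-20 monitor-call code): the monitor's four criteria are checked first, and the access control program is consulted only on a denial, logging every request. The field names, the OVERRIDES table, and the user, directory and terminal values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class ConnectRequest:
    """Constructed model of an ACCESS/CONNECT request; field names are assumptions."""
    user: str
    terminal: int
    target_dir: str
    logged_in_dir: str
    wheel_or_operator_enabled: bool = False
    same_group_as_accessed_dir: bool = False
    structure_domestic: bool = False
    password_ok: bool = False

def monitor_allows(r):
    """The four monitor criteria from the text: any one of them is sufficient."""
    return (r.wheel_or_operator_enabled
            or r.same_group_as_accessed_dir
            or (r.structure_domestic and r.target_dir == r.logged_in_dir)
            or r.password_ok)

# Hypothetical site policy: (user, target directory) -> (terminals, start, end).
OVERRIDES = {("AUDITOR", "<PAYROLL>"): ({12, 13}, time(8, 0), time(17, 0))}

def decide(r, now, log):
    """Return 'grant' or 'deny' and append one audit record for every request."""
    if monitor_allows(r):
        verdict, by = "grant", "monitor"
    else:
        # All four criteria failed: the access control program may override
        # the denial for a specified user, terminal and time of day.
        rule = OVERRIDES.get((r.user, r.target_dir))
        ok = rule is not None and r.terminal in rule[0] and rule[1] <= now < rule[2]
        verdict, by = ("grant" if ok else "deny"), "acp"
    log.append((now.isoformat(), r.user, r.terminal, r.target_dir, verdict, by))
    return verdict
```

The audit record keeps which stage produced the verdict, so overrides granted by the access control program can be reviewed separately from requests the monitor allowed on its own.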

ATTACH Request

The access control program can prevent a user from attaching his terminal to another job. This function allows the access control program to control which terminals can attach to specific jobs.