Certain aspects of the USERDATAFILE provide the capability, if misused, of violating protections on system security.

If the system SECADMIN option is set to TRUE, and any usercode is designated SECADMIN in the USERDATAFILE, only a user or process with SECADMIN status can run MAKEUSER to alter all attributes of all users in the USERDATAFILE.

Otherwise, only a user or process that is privileged has such capabilities.

Protection from Removal

When a file is installed as the USERDATAFILE, it is marked as a SYSTEMFILE, the SECURITYADMIN attribute is set, and it is kept open. An in-use SYSTEMFILE cannot be changed or removed. An inactive SYSTEMFILE with the SECURITYADMIN attribute set cannot be changed or removed.

The only way for the SYSTEMFILE designation of the USERDATAFILE to be changed is through the Data Comm ALGOL USERDATAFREEZER intrinsic. USERDATAFREEZER causes the operating system to close the file and turn off the SYSTEMFILE designation. USERDATAFREEZER does not reset the SECURITYADMIN attribute.

If the system SECADMIN option is set to TRUE, and any usercode is designated SECADMIN in the USERDATAFILE, only a user or process with SECADMIN status can invoke USERDATAFREEZER.

Otherwise, only a user or process that is privileged can invoke USERDATAFREEZER.

By limiting those who can invoke USERDATAFREEZER to a few trusted individuals, you greatly lessen the possibility of accidental or unwarranted removal of the USERDATAFILE.

An inactive USERDATAFILE may still be marked as a SYSTEMFILE. To remove such a file you must reset the SECURITYADMIN attribute. Use the WFL ALTER statement to reset this attribute.

Auditing Changes to the USERDATAFILE

When the default system logging options are in effect, the following events are recorded in the current system log:

To obtain a report of these log records, run LOGANALYZER specifying the USERDATA option.

To automatically save a copy of the new USERDATAFILE whenever a new installation of the USERDATAFILE takes place, use the LOGGING (Logging Options) system command to designate logging for major type 6, minor type 10. The saved copy of the new USERDATAFILE can act as a baseline for tracking changes to the user database.

This copy is saved under the following name:

SUMLOG/USERDATA/<date>/<time> ON <DL log>

The date and time the new USERDATAFILE was installed, and the family name of the current SYSTEM/SUMLOG are included as part of the file title.

You can use the LOGGING system command to specify logging of the following USERDATAFILE-related activities:

Because of the importance of maintaining USERDATAFILE security, it is strongly recommended that regardless of other events that are logged, changes to the USERDATAFILE and installation of new USERDATAFILEs are always recorded.