Supplying a Guard File Title
You can secure the control file by specifying a guard file title as part of the control file specification in the database definition. This prevents unauthorized access to the control file by both database and non-database users. Unauthorized users are any users that read or write information into the control file by using their own program instead of using a database utility supplied by Unisys.
Example
The following DASDL statement secures the control file for an Enterprise Database Server database with a guard file titled (DBA) SECURE/CF ON P:
CONTROL FILE (SECURITYGUARD = (DBA)SECURE/CF ON P);
Guard File Contents
The contents of the guard file for the control file should specify read and write access for the DBA and for the following utilities and libraries. Although not all these utilities and libraries require read and write access to the control file, it is recommended that they be allowed this access in case future changes to the software do require write access:
-
SYSTEM/DMCONTROL
-
SYSTEM/DMRECOVERY
-
SYSTEM/DMRECONFILTER
-
SYSTEM/DMDATARECOVERY
-
SYSTEM/DMUTILITY
-
SYSTEM/DBCERTIFICATION
-
RECONSTRUCT/<database name>
-
DMSUPPORT/<database name>
-
RMSUPPORT/<database name>
In addition, the guard file for the control file should provide read access to any user or program that is authorized to open the database.
