Nortel DMS-100 Customer Protection Table (CUSPROT) |
Table Name
Customer Protection Table
Functional Description of Table CUSPROT
Table CUSTPROT defines the command class of users that can read, change, add, or delete tuples for each table. These tables are assigned in the switching unit.
The privilege class with read protection ability can read tuples from the table. The privilege class cannot update, add, or delete tuples from the table.
The privilege class with update protection ability can read and update. The privilege class cannot add or delete tuples from the table.
The privilege class with all protection ability can read, update, add, or delete tuples from the table.
If the switching unit has the feature BC1459, Partitioned Table Editor (PTE), a non-operating company user can use the tables entered in table OWNTAB (Ownership).
The privilege classes assigned to tables that are not entered in table OWNTAB are not assigned to non-operating company users. This action occurs so that non-operating company users do not have access to these tables.
To create new data, tables can add new tuples. These tables are read-only or change-only tables for non-operating company users. Read-only or change-only tables for non-operating company users appear in the following list:
Command PERMIT assigns privilege classes for commands and access to tables. A privilege class used in table CUSTPROT or table TERMDEV (Terminal Device) can appear in one table.
Security Table Enhancement Feature
If the switching unit has feature BC1305, Security Table Enhancement (STE), the operating company can select the tables to monitor.
Feature STE allows the system to generate log reports if users modify or attempt to modify the customer data tables.
The privilege class assigned to the table controls access to customer data tables.
In an attempt to access a table, the privilege class of the user is matched against the privilege class of the table. If the two classes match, access to the table occurs.
Feature STE allows the operating company to monitor the tables and the users that access these tables.
If feature STE is activated, the following action occurs. The completed or terminated attempts to access a table are recorded in a log report to examine at a later time.
The system generates log reports for tables when you attempt to read and display a tuple. The system generates log reports for tables when you attempt to write the tuple.
Log TABL that feature STE introduces is a secret-type log. The system automatically routes all secret-type logs to the System Log (SYSLOG). Use of this feature can cause the SYSLOG log queue to flood. The operating company must minimize the number of tables monitored.
The operating company must monitor the following tables:
The data store allocated to store the table access log reports is 20,000 words. This allocation allows storage of a maximum of 500 log reports of type TABL101 and TABL103. Each log report is 60 words. Log reports of type TABL100 and TABL102 are 20 words. The log queue can store from 333 to 1,000 log reports. This log storage depends on the type of log reports stored.
Nortel can activate or deactivate feature STE through a change in office parameter MONITOR_TABLE_ACCESS in table OFCOPT.
If Nortel activates office parameter MONITOR_TABLE_ACCESS, operating company personnel can activate or deactivate feature STE. This action occurs through a change in office parameter TABLE_ACCESS_CONTROL in table OFCVAR.
Authorized operating company personnel can activate or deactivate feature STE for specified tables (field TABNAME). This action occurs through a change in the values of fields VALACC (Valid Table Access Control) and DENACC (Denied Table Access Control) in table CUSTPROT.
If you set field VALACC to WRITE, the system generates a TABL101 log. The system generates a log each time you use table control to add, delete, or change a tuple.
If you set field VALACC to ALL, the system generates a TABL101 log. The system generates this log when the following action occurs. The log generates each time you use table control to write in the table to add, delete, or change a tuple. The system generates a TABL100 log each time you use table control to read or display the table.
If you set field DENACC to WRITE, the following action occurs. The system generates a TABL103 log each time you attempt to use table control to write in a table.
If you set field DENACC to ALL, the system generates a TABL103 log. The system generates this log each time you attempt to use table control to write in a table. The system generates TABL102 log each time you attempt to use table control to read or display a table.
The operating company can set the alarms for these logs. Change the correct tuples in table AUDALARM to set these alarms. The alarms that these logs generate turn off after approximately 15 seconds.
Table control automatically produces the first input for this table. Set the first value for the privilege classes to 15. Fields VALLACC and DENACC are set to OFF.
To change this table, the operating company must load the module ENGWRITE from the non-resident tape and enter command ENGWRITE ON.
For the first datafill, the operating company provides input for the tables with a minimum of one privilege class. This class must have a value that is not 15. Fields VALLACC and DENACC must not be OFF.
Use command REP (replace) for each entry you submit to change the default values assigned to this table.
Datafill Sequence & Table Size
You must enter data in table CUSTAB before you enter data in table CUSTPROT. Table size is 0 to 2,047 tuples.
Datafill
The following table describes datafill for table CUSTPROT:
----------------------------------------------------------------------------------------------
Table CUSTPROT Field Descriptions
Field Subfield Entry Explanation and Action
----------------------------------------------------------------------------------------------
TABNAME Alphanumeric Table Name
(16 characters Enter the table name.
maximum)
----------------------------------------------------------------------------------------------
READPROT 0 to 30 Read Protection
Enter the privilege class that can read this
table.
----------------------------------------------------------------------------------------------
UPDTPROT 0 to 30 Update Protection
Enter the privilege class that can read the table
and update tuples. This class cannot add or
delete tuples from the table.
----------------------------------------------------------------------------------------------
ALLPROT 0 to 30 All Protection
Enter the privilege class that can read, update,
add, or delete tuples from the table.
----------------------------------------------------------------------------------------------
VALACC ALL, OFF, Correct Access
or WRITE If TABL100 and TABL101 logs are a requirement,
enter "ALL".
If feature BC1305 Security Table Enhancement
is not provided or logs TABL100 and TABL101
are not requirements, enter "OFF".
If the switching unit has feature STE and
TABL101 logs are a requirement, enter "WRITE".
----------------------------------------------------------------------------------------------
DENACC ALL, OFF, Denied Access
or WRITE If TABL102 and TABL103 logs are a requirement,
enter "ALL".
If the switching unit has feature STE and
TABL103 logs are requirements, enter "WRITE".
If feature STE is not provided or logs TABL102
and TABL103 are not requirements, enter "OFF".
----------------------------------------------------------------------------------------------
-End-
Datafill Example
Table CLLI with privilege classes of 2, 4, and 6 appears in this example. The correct access and denied access options are off.
The following example MAP display shows sample datafill for table CUSTPROT:
TABNAME READPROT UPDTPROT ALLPROT VALACC DENACC ______________________________________________________________ CLLI 2 4 6 OFF OFF |