This document describes the new and modified features in Adabas Version 6.7.
Adabas role-based security implements Role-Based Access Control (RBAC), and restricts access on the basis of the roles assigned to a user, and the permissions that are assigned to those roles.
This feature includes the following functionality:
Authentication
This provides a means of validating credentials against an authority.
Authorization for Direct Call Interface
This provides a means of restricting the usage of Adabas commands which access a file, by assigning users a role which represents selective access privileges.
Authorization for Adabas Utilities
This provides a means of restricting the execution of Adabas utilities, by assigning users a role which has the execute privilege.
Audit Trail
This provides a means of tracking access attempts and security violations.
The utility ADARBA provides the functionality required to administer security definitions.
Before securing databases with Adabas role-based security, you should familiarize yourself with the concepts and implementation of this feature.
Please note the following:
The security mode cannot be disabled once it is enabled;
The security mode cannot be changed from ACTIVE to WARN;
This feature could have a detrimental influence on the overall system performance, as is described in the section Performance Considerations.
When introducing this feature, it is recommended to initially start with Security Mode WARN.
With Adabas Version 6.7, Adabas can be reached via TCP/IP directly. Further information can be found in the document Adabas Remote Database Access.
With Adabas Version 6.7, records can be spanned in a database. When record spanning is enabled, the size of compressed records in a file may exceed the maximum data storage block size of 32KB.
The ADADBM RECORDSPANNING function enables or disables record spanning for a file
Starting with Adabas Version 6.7, an Adabas RESTful server, which provides monitoring and administration tasks, is a part of the product package. The server is primarily used by Adabas Manager, but it can also be used directly. A swagger definition, which defines the REST APIs, is included in the installation.
Starting with Adabas Version 6.7, scripts which provide Docker image creation on the basis of a current product installation, are a part of the product package. In contrast to the Adabas Docker community edition, concurrent runtime is checked inside the docker container.
The ADAREP FILES function now displays the files for which record spanning is enabled or disabled.
The default settings in the configuration file adaauth.ini have been modified:
ACTION = YES MODE = ADABAS
With Version 6.7, the Authorization for Adabas Utilities functionality is available for the following utilities: ADABCK, ADACLP, ADACMP, ADACVT, ADADBM, ADADCU, ADADEV, ADAELA, ADAELP, ADAERR, ADAFDU, ADAFIN, ADAINV, ADAMON, ADAMUP, ADANUC, ADAOPR, ADAORD, ADAPLP, ADAPRI, ADARBA, ADAREC, ADAREP, ADASCR, ADAULD, and ADAVFY.
The location and layout of the audit trail log file created by Authentication has been modified. Please refer to the section Audit of the document Adabas Role-based Security for further information
The location and configuration of the audit trail created by Authorization for Adabas Utilities has been deprecated. Both the location and the layout of the audit trail are subject to change.
The following security configuration files have been deprecated and will be removed in a future release:
adaauth.ini
adaaudit.ini
adarbac.ini
The functionality provided with MODE INI has been deprecated. The security definitions are now located in the RBAC system file.
You should replace the MODE INI setting with MODE ADABAS in the configuration file adaauth.ini. Use the ADARBA utility to define your site-specific security definitions, which you entered in adarbac.ini configuration file.
Support for HP-UX has been deprecated by Software AG. Adabas for Linux, UNIX and Windows Version 6.7 will be the last version available on this platform. Newer versions of Adabas for Linux, UNIX and Windows will not be available for this platform.