This document describes the new and modified features in Adabas Version 7.0.
In previous versions, new features to protect data from illegal access (the protection of data-in-use and data-in-motion) were introduced.
Adabas Role-Based Security implements Role-Based Access Control (RBAC) and provides a means to restrict access to data. The communication between the Adabas nucleus and the Adabas clients, the data-in-motion, is protected by the TCP/IP TLS/SLL protocol; its use by Adabas can be enabled with an appropriate license key.
With version 7.0, encryption of data-at-rest, namely data held in the containers ASSO and DATA, is provided. Data is decrypted on access. This means its use is transparent to utilities and application programs.
The key to encrypt and decrypt the data, the data encryption key, is stored in encrypted form in the ASSO; the key encryption key is held in an external key management system. With this release, a local file-based key store is used. On Amazon’s AWS, the built-in key management system is supported.
An encrypted database is created with ADAFRM or ADABCK. Utilities such as ADABCK, ADAMUP and ADAORD encrypt non-encrypted data during import processing.
A detailed description of the use of this new feature is given in the Adabas Security documentation.
This version provides a script which allows you start or stop a database, and to inquire about its status using the Linux system and service manager system. If you plan to make use of systemd, please be aware that conflicts might arise using ADABAS Manager, or starting and stopping databases via operator commands such as ADAOPR.
One of the tasks of Software AG’s Installer is to add scripts which set up an appropriate execution environment. In the case of Adabas, the script modifies, amongst other things, the environmental variable $PATH. Up to version 6.7.1, the dot (.) was included in the list of libraries held in $PATH. This is no longer the case. Please be aware that this might have implications in your execution environment.
Adabas Analytics now supports conditions in the event type definitions. These conditions can be file-based and/or field-based. Access to a file or field which meets the condition will trigger an event. In case of an UPDATE event, the before and after values will be displayed.
The definition of the user-defined event types is changed to JSON format.
The following security configuration files have been deprecated and will be removed in a future release:
adaauth.ini
adaaudit.ini
adarbac.ini
The functionality provided with MODE INI has been deprecated. The security definitions are now located in the RBAC system file.
You should replace the MODE INI setting with MODE ADABAS in the configuration file adaauth.ini. Use the ADARBA utility to define your site-specific security definitions, which you entered in adarbac.ini configuration file.
The nucleus parameter READ_PARALLEL_LIMITS has been disabled. Specifying this parameter will have no adverse effect on your environment - it will be disregarded by the command interpreter.