The System Authorization Facility (SAF) is used by OS/390 and compatible sites to provide rigorous control of the resources available to a user or group of users. Security packages such as RACF, CA-ACF2, and CA-Top Secret allow the system administrator to
maintain user identification credentials such as user ID and password; and
establish profiles determining the datasets, storage volumes, transactions, and reports available to a user.
The resulting security repository and the infrastructure to administer it represent a significant investment. At the same time, the volume of critical information held by a business is constantly growing, as is the number of users referencing the data. The challenge of controlling these ever-increasing accesses requires a solution that is flexible, easy to implement and, above all, one that safeguards the company's investment.
The SAF Security Kernel acts as an agent for other Software AG products such as Adabas, Natural, and Entire Net-Work. It allows them to secure resources via a SAF-compliant security system, thus enhancing the scope of the security system to enable:
a single control and audit system for all resources
a single definition of userids and passwords
industry standard protection of resources such as Adabas data and Natural libraries
maximized return on investment in the security repository
This document covers the following topics:
A SAF security solution comprises two separate components:
a product-specific component which is distributed and installed with the product being protected (Adabas, Natural, Entire Net-Work or EntireX)
a product-independent SAF Security Kernel (the subject of this document) which may be embedded in an authorized product or operate as a separate authorized daemon
For details on securing specific products such as the following, refer to the relevant product documentation:
Adabas SAF Security
Natural SAF Security
Entire Net-Work
EntireX Security
Some of these products are distributed with a copy of the SAF kernel. The individual product documentation indicates if this is the case.