These Release Notes apply to Adabas SAF Security Version 8.1.2. Read this document carefully before installing and using this version of Adabas SAF Security.
Adabas SAF Security (ADASAF) provides protection of Adabas resources using standard security packages in a z/OS operating system environment based on the System Authorization Facility (SAF). These security packages include RACF, Top Secret, and ACF2.
|
|
Prerequisites: See SAF Security Install documentation, section Prerequisites. |
|
|
Enhancements |
|
|
Removed Support |
|
|
Online Documentation |
ADASAF Version 8.1 incorporates all fixes to previous versions and provides the following enhancements:
If Adabas SAF Security detects that the SAF Kernel was unable to initialize, or re-initialize after a restart/newcopy, console message AAF028 is issued and the nucleus terminates. In previous versions, the nucleus remained active but all commands sent to it received response 200.
Several new SAFCFG configuration options have been introduced. These options can also be specified in the DDSAF dataset:
AAFPRFX: Use fixed prefix for security checks for this nucleus. It is recommended to use grouped resource names in preference to AAFPRFX.
HOLDCMD: Specify whether hold commands
(L4, etc.) require READ or UPDATE access
PCPROT: Specify whether or not to protect
PC (invoke stored procedure) commands
LFPROT: Specify whether or not to protect
LF (read FDT) commands
With the 8.1.3 and above versions of the Adabas Limited Libraries, the
default values for GWSIZE and
LOGOFF have changed, to provide better performance when
using the default settings.
GWSIZE has changed from 16 to 256
LOGOFF has changed from NEVER to TIMEOUT
For more information, refer to Adabas SAF Security Configuration Parameters.
It is now possible to configure Adabas SAF Security so that the caller’s SAF group (rather than SAF User ID) is used as an ADASCR password. This provides the great benefit of being able to implement flexible ADASCR protection:
without needing to hold passwords in the application or transmit them to the Adabas nucleus, and
without having to define every SAF User ID as an ADASCR password.
It is now possible to configure Adabas SAF Security to build a resource name according to your own requirements, rather than resource names that are specific to database and file numbers. This allows you to group related files under a single resource profile, thus reducing security maintenance overheads.
For example, if files 1, 11 and 251 are used for the Accounts Payroll application, rather than defining each separate file to the security system, you can define a single resource, ACCOUNTS.PAYROLL, and configure Adabas SAF Security to use that resource name for files 1, 11 and 251.
ADASAF checks that a nucleus or utility is allowed to start under the given SAF User ID. If this security check fails, either because the necessary resource is not defined or because the starting user does not have the necessary access to it, the job abends U0042. To help resolve such failures, ADASAF Version 8.1 also issues an AAF029 message showing the resource class and profile name against which the security check was made.
You can also use ADASAF to secure execution of ADACOM. For more information please refer to Starting a Utility or Nucleus.
The following items are no longer supported.
Adabas SAF Security no longer provides a router security exit for CICS Versions 2 and 3 (macro-level).
The Adabas SAF Security Version 8.1 documentation is provided in HTML format. The documentation has been structured for optimal online access including extensive use of hyperlinks to related topics. In addition, full text search and indexing features are available. All documents are also available as PDF files for selective printing at a user site.
The Online Documentation Main Menu provides an overview of the AAF documentation.
The following related documentation is available on the Adabas documentation CD:
SAF Security Kernel
