This document describes the steps for installing Natural SAF Security (product code NSF) on z/OS.
For information on the features and functions provided by Natural SAF Security, see the Natural SAF Security documentation.
When used in this document, the notation
vrs
or
vr
represents the relevant product
version (see also Version in the
Glossary).
Supported versions of the following products must be installed before you can install Natural SAF Security:
Adabas
Adabas Limited Libraries
SAF-compliant security system
See also General Prerequisites and System Support in the section Overview of the Installation Process.
The installation medium contains the following data sets required for product installation:
Data Set | Contents |
---|---|
NSFvrs.LOAD |
Load modules |
NSFvrs.INPL |
Natural objects |
Copy the data sets into your environment as described in Copying Data Sets to a z/OS Disk in the section Installing Natural.
Sample installation jobs are contained in the NATvrs.JOBS
data set
and are prefixed with the product code. The data set is provided on the
installation medium supplied for base Natural.
Be sure to read Installation Process and Major Natural Features before you start the installation procedure.
(Job I005)
Load the Natural objects specific to Natural SAF Security from the
NSFvrs.INPL
data set into the
appropriate Natural libraries in your FNAT
system file by using the
Natural INPL utility.
(Job I060, Step 0010)
Build the Natural parameter module. The parameters and macros mentioned in this section are described in the Parameter Reference documentation.
Specify the following with the NTDS
macro:
NTDS NSFSIZE,8
8 KB is the minimum NSFSIZE
value. Depending on your usage of Natural
SAF Security, a higher value may be required, which can be calculated as
follows:
4 KB + (e * 17 bytes) +
((p + r) * 8
bytes)
, rounded up to the next KB
where:
e
is the number of protected
environments,
p
is the number of protected Natural
objects,
r
is the number of protected RPC
services.
You can also use the dynamic profile parameter DS
to specify NSFSIZE
at the
start of a Natural session:
DS=(NSFSIZE,8)
If you want to use Natural SAF Security to control the execution of Natural
objects, specify the following in the NTRDC
macro
of the Natural parameter module:
NTRDC SIZE=2,EXIT=(RDCEX3,2000)
You can also use the corresponding dynamic profile parameter RDC
to specify the
parameter at the start of a Natural session:
RDC=(SIZE=2,EXIT=(RDCEX3,2000))
Note:
If this feature is used, you have to either link the Natural SAF Security
module NSFNUC
to the Natural parameter module or to the nucleus (in the
case of an environment-independent nucleus, to the environment-independent
part).
Assemble and link the Natural parameter module.
(Job I060, I080)
Adapt the link steps for Natural:
Add the following INCLUDE
statement to the link of the nucleus to
include Natural SAF Security modules:
INCLUDE NSFLIB(NSFNUC)
If you are using a shared nucleus, include this statement in the link of the shared part.
Add the corresponding DD statement:
//NSFLIB DD DSN=NSFvrs.LOAD,DISP=SHR
Relink your nucleus as described in Link the Nucleus in Installing Natural.
The SAF Server also known as the SAF Security Daemon executes in its own address space as a target in the Software AG network. Operating within the daemon is the SAF Security Kernel. The SAF Security Daemon and the SAF Security Kernel are delivered with the Adabas Limited Libraries (product code WAL).
Refer to the SAF Security Kernel documentation for information on how to install the SAF Security Kernel in daemon installation mode and how to configure it using the SAFCFG configuration module.
For the correct operation of Natural SAF Security you must consider the following SAFCFG parameters.
Parameter | Description | Syntax |
---|---|---|
GWDBID |
Node ID of the SAF Security Daemon.
The node ID defined for
|
GWDBID={1234|nnnnn} |
Parameter | Description | Syntax |
---|---|---|
GWSIZE |
The amount of storage in kilobytes used for caching user information.
Generally, size this parameter based on approximately 512 bytes per user. The number of cached checks set by SAFCFG parameters
Use SAF Online Services to determine the efficiency of the current value by monitoring the number of checks overwritten in the System Statistics menu option. |
GWSIZE=
{256|nnnn} |
Parameter | Description | Syntax |
---|---|---|
NACKPG
NACKRP
NACKSF
NACKTC |
These parameters are redundant.
The protection options originally offered by these parameters can only be set online using the General NSF Options 2 screen of the Administrator Services. Any value
( When Natural SAF Security first connects to the SAF Security Daemon, the administrator defined protection options are dynamically passed to the SAF Security Daemon. |
NACKxx={N|Y} |
Parameter | Description | Syntax |
---|---|---|
NACLAP |
The name of the resource class used in authorization checks against
User-Defined Resources.
The name can be up to eight alphanumeric characters. Refer to User-Defined Resources for more information. |
NACLAP={NPGSAG|aa..} |
Parameter | Description | Syntax |
---|---|---|
NACLPG |
The name of the resource class used in authorization checks against
Programming Objects.
The name can be up to eight alphanumeric characters. Refer to Programming Objects for more information. |
NACLPG={NPGSAG|aa..} |
Parameter | Description | Syntax |
---|---|---|
NACLRP |
The name of the resource class used in authorization checks against RPC
Services.
The name can be up to eight alphanumeric characters. Refer to RPC Services for more information. |
NACLRP={NRPSAG|aa..} |
Parameter | Description | Syntax |
---|---|---|
NACLSF |
The name of the resource class used in authorization checks against
Environments.
The name can be up to eight alphanumeric characters. Refer to Environments for more information. |
NACLSF={NSFSAG|aa..} |
Parameter | Description | Syntax |
---|---|---|
NACLTC |
The name of the resource class used in authorization checks against
Libraries.
The name can be up to eight alphanumeric characters. Refer to Libraries for more information. |
NACLTC={NTCSAG|aa..} |
Parameter | Description | Syntax |
---|---|---|
NAFLEN |
The format of the Database ID and File number in Environment resource
profiles.
Valid values are:
Note: Refer to Environments for more information. |
NAFLEN={0|1} |
Parameter | Description | Minimum | Maximum | Syntax |
---|---|---|---|---|
NANUPG |
This is the number of successful Programming object checks to be
cached.
Each cached check takes approximately 23 bytes from the storage size
specified by the SAFCFG parameter Use SAF Online Services to determine the efficiency of the current value by monitoring the number of checks overwritten in the System Statistics menu option. For more information on programming objects, refer to the Protect Natural Modules option in Library Options. |
0 | 32767 | NANUPG={0|nnnnn} |
Parameter | Description | Minimum | Maximum | Syntax |
---|---|---|---|---|
NANURP |
This is the number of successful RPC service checks to be cached.
Each
cached check takes approximately 26 bytes from the storage size specified by
the SAFCFG parameter Use SAF Online Services to determine the efficiency of the current value by monitoring the number of checks overwritten in the System Statistics menu option. For more information on RPC service checks, refer to RPC Options. |
0 | 32767 | NANURP={0|nnnnn} |
Parameter | Description | Minimum | Maximum | Syntax |
---|---|---|---|---|
NANUSF |
This is the number of successful Environment checks to be cached.
Each
cached check takes approximately 40 bytes from the storage size specified by
the SAFCFG parameter Use SAF Online Services to determine the efficiency of the current value by monitoring the number of checks overwritten in the System Statistics menu option. For more information on Environment checks, refer to Environment Options. |
0 | 32767 | NANUSF={0|nnnnn} |
Parameter | Description | Minimum | Maximum | Syntax |
---|---|---|---|---|
NANUTC |
This is the number of successful Library checks to be cached.
Each
cached check takes approximately 10 bytes from the storage size specified by
the SAFCFG parameter Use SAF Online Services to determine the efficiency of the current value by monitoring the number of checks overwritten in the System Statistics menu option. For more information on Library checks, refer to Library Options. |
0 | 32767 | NANUTC={0|nnnnn} |
Natural SAF Security is operational after Step 4: Install the SAF Server of the Installation Procedure has been completed successfully.
After the installation, proceed as described in Activating Natural SAF Security in the Natural SAF Security documentation.