This section contains information on the protection of various Natural add-on products by Natural Security and the handling of plug-ins in a Natural Security environment. It contains information on:
The Natural Studio user interface is extensible by plug-ins. If plug-ins are used in an environment protected by Natural Security, the following prerequisites must be met:
For the Natural Plug-in Manager (which is a plug-in itself) and for every plug-in to be used, a library security profile has to be defined. For plug-ins delivered together with Natural Studio, pre-defined system-library profiles are provided. To activate these, you use the Administrator Services function Definition of System Libraries.
The following plug-in system libraries are provided:
| Library | Contents |
|---|---|
| SYSEXPLG | Plug-in Example. |
| SYSPLCGC | Program Generation. |
| SYSPLMAN | Plug-in Manager. |
| SYSPLMFE | z/OS Navigation. |
| SYSPLNEE | Metrics Calculation / Engineer Xref Viewing. |
| SYSPLPDC | Object Description. |
| SYSPLPGC | Schema Generation. |
| SYSPLWEB | Web Interface. |
| SYSPLWIZ | Application Wizard. |
| SYSPLXRC | Xref Evaluation. |
When a user activates a plug-in, Natural Studio starts a second Natural session with
automatic logon (profile parameter AUTO=ON). For the automatic logon to be
successful, a user who is to use a plug-in must have either a default library or a
private library specified in his/her security profile.
When a user activates a plug-in, Natural Studio starts a second Natural session using
the parameter file NATPARM. If the user's Natural session uses a parameter
file other than NATPARM, the system-file specifications for FNAT, FSEC and
FUSER in the NATPARM parameter file must match those of the parameter file
used by the user session in a Natural Security environment.
On z/OS computers, the Predict library SYSDIC may be defined and its use
controlled by Natural Security.
To be able to use under Natural Security those Predict functions which use Adabas Online Services (AOS) facilities, that is, to enable Natural Security protection, you have to perform the following steps:
Create a security profile for the library SYSDIC (Add Library).
Define the library SYSDIC as people-protected, and link to it those
users (or user groups) who are to be Predict/AOS administrators.
Execute the program NSCPRDAX in the library SYSSEC. This
program writes the user exit NSCPRD01 into the SYSDIC
library security profile.
Invoke the Modify Library function for the library
SYSDIC. Even if you do not change anything in the security profile,
you must perform this step to confirm the entry of the user exit, because otherwise
Natural Security would consider the execution of NSCPRDAX an illegal
manipulation of SYSDIC's security profile, and no-one would be able to
log on to SYSDIC.
After the user exit has been written into the security profile, no Predict functions will be available until Predict security profiles are defined.
The user exit cannot be removed manually from the SYSDIC library security
profile. To remove it, you execute the program NSCPRDDX in the library
SYSSEC, and then invoke the Modify Library function
for confirmation (as with Step 4 above).
When you select User Exit from the Additional
Options of SYSDIC's library security profile, an additional
screen Predict/AOS Security Profile is displayed. On this screen,
you specify who is to be AOS security administrator for which database. The users (or
groups of users) specified may then use the AOS-related Predict functions for these
databases.
For each database, you can only specify one AOS security administrator. This may be a
user of type "Administrator", "Person", "Member", or a "Group" (it need not be a Natural
Security administrator). The user must be linked to the library SYSDIC
before he/she can be specified as AOS security administrator.
For further information on Predict and its AOS-related functions, and on Predict under Natural Security, please refer to the Predict documentation.
On z/OS computers, the Adabas Online Services library SYSAOS may be defined
and its use controlled by Natural Security.
To be able to use the Security Maintenance section of Adabas Online Services under Natural Security, that is, to enable Natural Security protection for Adabas Online Services, you have to perform the following steps:
Create a security profile for the library SYSAOS (Add Library).
Define the library SYSAOS as people-protected, and link to it those
users (or user groups) who are to be Adabas Online Services database
administrators.
Execute the program NSCAOSIX in the library SYSSEC. This
program writes the user exit NSCAOSE1 into the SYSAOS
library security profile.
Invoke the Modify Library function for the library
SYSAOS. Even if you do not change anything in the security profile,
this step is necessary to confirm the entry of the user exit, because otherwise
Natural Security would consider the execution of NSCAOSIX an illegal
manipulation of SYSAOS's security profile, and no-one would be able to
log on to SYSAOS.
After the user exit has been written into the security profile, no Adabas Online Services functions will be available until Adabas Online Services security profiles are defined.
The user exit cannot be removed manually from the SYSAOS library security
profile. To remove it, you execute the program NSCAOSDX in the library
SYSSEC, and then invoke the Modify Library function
for confirmation (as with Step 4 above).
Note
Previous versions of Natural Security supplied the user exit NSCAOS01,
which can still be used instead of NSCAOSE1. With NSCAOS01,
however, a maximum of only 72 database profiles can be maintained with Adabas Online
Services, while up to 400 can be maintained with NSCAOSE1. Unlike
NSCAOSE1, NSCAOS01 does not allow you to assign more than
one user group as an administrator to the default database (see below). The program used
to write NSCAOS01 into the library security profile of SYSAOS
is called NSXAOSAX. Otherwise, what is said above about
NSCAOSE1 also applies to NSCAOS01.
When you select User Exit from the Additional
Options of SYSAOS's library security profile, an additional
screen Adabas Online Services Security Profile is displayed. On
this screen, you specify who is to be Adabas Online Services security administrator for
which database. The users (or groups of users) specified may then use the Security
Maintenance section of Adabas Online Services for these databases.
For each database, you can only specify one Adabas Online Services security
administrator. This may be a user of type "Administrator", "Person", "Member", or a
"Group" (it need not be a Natural Security administrator). The user must be linked to
the library SYSAOS before he/she can be specified as Adabas Online Services
security administrator.
Adabas Online Services uses the database profile for database ID 999 as a default
profile, which applies to all databases for which no individual database profiles are
defined. With the user exit NSCAOSE1, you can assign more than one group of
Adabas Online Services security administrators to database 999. To do so, you specify
******** (8 asterisks) as the administrator ID for database 999 in the
SYSAOS library security profile. The administrators for database 999 are
then determined by the database profile in Adabas Online Services. As Adabas Online
Services allows you to define more than one profile per database, you can define
multiple profiles for database 999, each with a different group of administrators.
For further information on Adabas Online Services, please refer to the Adabas documentation.
