This section contains information on the protection of various Natural add-on products by Natural Security and the handling of plug-ins in a Natural Security environment. It contains information on:
The Natural Studio user interface is extensible by plug-ins. If plug-ins are used in an environment protected by Natural Security, the following prerequisites must be met:
For the Natural Plug-in Manager (which is a plug-in itself) and for every plug-in to be used, a library security profile has to be defined. For plug-ins delivered together with Natural Studio, pre-defined system-library profiles are provided. To activate these, you use the Administrator Services function "Definition of system libraries".
The following plug-in system libraries are provided:
Library | Contents |
---|---|
SYSEXPLG | Plug-in Example. |
SYSPLCGC | Program Generation. |
SYSPLMAN | Plug-in Manager. |
SYSPLMFE | Mainframe Navigation. |
SYSPLNEE | Metrics Calculation / Engineer Xref Viewing. |
SYSPLPDC | Object Description. |
SYSPLPGC | Schema Generation. |
SYSPLWEB | Web Interface. |
SYSPLWIZ | Application Wizard. |
SYSPLXRC | Xref Evaluation. |
When a user activates a plug-in, Natural Studio starts a second Natural session with automatic logon (profile parameter AUTO=ON). For the automatic logon to be successful, a user who is to use a plug-in must have either a default library or a private library specified in his/her security profile.
When a user activates a plug-in, Natural Studio starts a second Natural session using the parameter file NATPARM. If the user's Natural session uses a parameter file other than NATPARM, the system-file specifications for FNAT, FSEC and FUSER in the NATPARM parameter file must match those of the parameter file used by the user session in a Natural Security environment.
On mainframe computers, the Predict library SYSDIC may be defined and its use controlled by Natural Security.
To be able to use under Natural Security those Predict functions which use Adabas Online Services (AOS) facilities, that is, to enable Natural Security protection, you have to perform the following steps:
Create a security profile for the library SYSDIC (Add Library).
Define the library SYSDIC as people-protected, and link to it those users (or user groups) who are to be Predict/AOS administrators.
Execute the program NSCPRDAX in the library SYSSEC. This program writes the user exit NSCPRD01 into the SYSDIC library profile.
Invoke the Modify Library function for the library SYSDIC. Even if you do not change anything in the security profile, you must perform this step to confirm the entry of the user exit, because otherwise Natural Security would consider the execution of NSCPRDAX an illegal manipulation of SYSDIC's security profile, and no-one would be able to log on to SYSDIC.
After the user exit has been written into the security profile, no Predict functions will be available until Predict security profiles are defined.
The user exit cannot be removed manually from the SYSDIC library profile. To remove it, you execute the program NSCPRDDX in the library SYSSEC, and then invoke the Modify Library function for confirmation (as with Step 4 above).
When you select "User Exit" from the Additional Options of SYSDIC's library profile, an additional screen "Predict/AOS Security Profile" is displayed. On this screen, you specify who is to be AOS security administrator for which database. The users (or groups of users) specified may then use the AOS-related Predict functions for these databases.
For each database, you can only specify one AOS security administrator. This may be a user of type ADMINISTRATOR, PERSON, MEMBER, or a GROUP (it need not be a Natural Security administrator). The user must be linked to the library SYSDIC before he/she can be specified as AOS security administrator.
For further information on Predict and its AOS-related functions, and on Predict under Natural Security, please refer to the Predict documentation.
On mainframe computers, the Adabas Online Services library SYSAOS may be defined and its use controlled by Natural Security.
To be able to use the Security Maintenance section of Adabas Online Services under Natural Security, that is, to enable Natural Security protection for Adabas Online Services, you have to perform the following steps:
Create a security profile for the library SYSAOS (Add Library).
Define the library SYSAOS as people-protected, and link to it those users (or user groups) who are to be Adabas Online Services database administrators.
Execute the program NSCAOSIX in the library SYSSEC. This program writes the user exit NSCAOSE1 into the SYSAOS library profile.
Invoke the Modify Library function for the library SYSAOS. Even if you do not change anything in the security profile, this step is necessary to confirm the entry of the user exit, because otherwise Natural Security would consider the execution of NSCAOSIX an illegal manipulation of SYSAOS's security profile, and no-one would be able to log on to SYSAOS.
After the user exit has been written into the security profile, no Adabas Online Services functions will be available until Adabas Online Services security profiles are defined.
The user exit cannot be removed manually from the SYSAOS library profile. To remove it, you execute the program NSCAOSDX in the library SYSSEC, and then invoke the Modify Library function for confirmation (as with Step 4 above).
注意:
Previous versions of Natural Security supplied the user exit
NSCAOS01, which can still be used instead of NSCAOSE1. With NSCAOS01, however,
a maximum of only 72 database profiles can be maintained with Adabas Online
Services, while up to 156 can be maintained with NSCAOSE1. Unlike NSCAOSE1,
NSCAOS01 does not allow you to assign more than one user group as an
administrator to the default database (see below). The program used to write
NSCAOS01 into the library profile of SYSAOS is called NSXAOSAX. Otherwise, what
is said above about NSCAOSE1 also applies to NSCAOS01.
When you select "User Exit" from the Additional Options of SYSAOS's library profile, an additional screen "Adabas Online Services Security Profile" is displayed. On this screen, you specify who is to be Adabas Online Services security administrator for which database. The users (or groups of users) specified may then use the Security Maintenance section of Adabas Online Services for these databases.
For each database, you can only specify one Adabas Online Services security administrator. This may be a user of type ADMINISTRATOR, PERSON, MEMBER, or a GROUP (it need not be a Natural Security administrator). The user must be linked to the library SYSAOS before he/she can be specified as Adabas Online Services security administrator.
Adabas Online Services uses the database profile for database ID 999 as a default profile, which applies to all databases for which no individual database profiles are defined. With the user exit NSCAOSE1, you can assign more than one group of Adabas Online Services security administrators to database 999. To do so, you specify "********" (8 asterisks) as the administrator ID for database 999 in the SYSAOS library profile. The administrators for database 999 are then determined by the database profile in Adabas Online Services. As Adabas Online Services allows you to define more than one profile per database, you can define multiple profiles for database 999, each with a different group of administrators.
For further information on Adabas Online Services, please refer to the Adabas documentation.