This section describes how to control the use of the Natural Server view and Eclipse Navigator view used by Natural in an Eclipse environment in conjunction with NaturalONE. It covers the following topics:
This section describes how to protect with Natural Security a Natural server used in Eclipse, and how the security definitions on the FSEC system file attached to the server environment affect actions on the server. It covers the following topics:
The function "Map Environment" is controlled by the Natural Security settings that apply to the FNAT system file on which this function is executed. When the function is executed, Natural Security performs a logon, according to the rules as described in the section Logon Procedure. The logon will be to the user's default library, therefore the security settings have to be such that the user is able to log on to his/her default library.
Anmerkung:
Once the environment has been mapped, a logon with another user ID
is not possible within the mapped environment.
Once the environment has been mapped, the server view in the mapped environment lists all non-empty libraries on the FUSER system file assigned to the mapped environment which are accessible by the user. Libraries in whose security profiles a different FUSER file or FDIC file is specified (under Library File) are not listed.
When the user selects one of these libraries from the server view, a
logon to this library is performed - according to the rules as described in the
section Logon
Procedure. Thus it may be possible, for example, that a
startup transaction is executed. The user can only select a library from the
tree view; any other library selection (for example, via the system command
LOGON *
) is not possible.
Within a library in the mapped environment, some functions can be protected by Natural Security, others cannot be protected. Which functions these are is described below.
The Natural Security data used by the Natural Server view are cached and will only be refreshed when the Natural server is mapped again.
Anmerkung:
If a startup transaction is defined for any library in the Natural
Server view, it must meet the conditions described under Startup
Transactions in the section Using an Existing Natural
Development Server Environment of the NaturalONE Before You
Start documentation.
The use of the following functions in a library within the mapped environment can be protected as follows:
Disallowed actions are disabled in the context menus of the Natural Server view.
Anmerkung:
Several of the server-view actions listed below are controlled by
SYSMAIN utility profiles. If, however, no utility profiles for SYSMAIN are
defined, these actions are controlled by the
Utilities
option in the library profile of the library processed.
Location in Server View | Action | Controlled by |
---|---|---|
System-file node | Unlock | Session Option "Unlock Objects" in user security profile. |
Library node | Open / Add to New Project / Add to Existing Project | Command Restrictions (LIST or
EDIT command) in library security profile*.
|
Rename ** | The action as such is always allowed and cannot be disallowed.
However, a library security profile for the library of the new name must exist (unless the general option Transition Period Logon is set to "Y"). Also, for the library contents to be transferred, the option "Mo" (Move) "from library" and "to library" for all object types must be allowed in the SYSMAIN utility profile. |
|
Delete ** | Option "De" (Delete) for object type in SYSMAIN utility profile. | |
Copy | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
Paste | Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile. | |
Group node | Open / Add to New Project / Add to Existing Project | Command Restrictions (LIST or
READ command) in library security profile*.
|
Delete | Command Restrictions in library security profile*. | |
Copy | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
Paste | Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile. | |
Object node | Open / Add to New Project / Add to Existing Project | Editing Restrictions in library security profile*. |
Catalog | Command Restrictions in library security profile*. | |
Stow | Command Restrictions in library security profile*. | |
Execute | Command Restrictions in library security profile*. | |
Rename | Command Restrictions in library security profile*. | |
Delete | Command Restrictions in library security profile*. | |
Copy | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
Paste | Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile. |
* or special-link security profile
** These actions can be made unavailable in the context menu of the library node by the option Disable Rename and Delete of Library Node (described in the section Administrator Services).
Location in Server View | Action | Controlled by |
---|---|---|
DDM node | Add to New Project / Add to Existing Project | Option "Edit" in SYSDDM utility profile (*) and option "Co" (Copy) "from library" for DDM in SYSMAIN utility profile. |
Copy | Option "Co" (Copy) "from library" for DDM in SYSMAIN utility profile. | |
Delete | Option "Delete" in SYSDDM utility profile. (*) | |
Move | Option "Mo" (Move) "from library" for DDM in SYSMAIN utility profile. | |
Open | Option "List" in SYSDDM utility profile. (*) | |
Paste | Option "Co" (Copy) "to library" for DDM in SYSMAIN utility profile. | |
Object node | Add to New Project / Add to Existing Project | Option "Edit" in SYSDDM utility profile (*) and option "Co" (Copy) "from library" for DDM in SYSMAIN utility profile. |
Catalog | Option "Cat" in SYSDDM utility profile. (*) | |
Copy | Option "Co" (Copy) "from library" for DDM in SYSMAIN utility profile. | |
Delete | Option "Delete" in SYSDDM utility profile. (*) | |
Edit | Option "Edit" in SYSDDM utility profile (*) and option "Co" (Copy) "from library" for DDM in SYSMAIN utility profile. | |
Move | Option "Mo" (Move) "from library" for DDM in SYSMAIN utility profile. | |
Paste | Option "Co" (Copy) "to library" for DDM in SYSMAIN utility profile. | |
Stow | Option "Cat" in SYSDDM utility profile. (*) |
(*) If no SYSDDM utility profile is defined, the Command Restrictions in the SYSDDM library profile apply.
The DDMs listed under the DDM node are those related to the user's default library. If a SYSDDM utility profile is defined, the option "List" must be allowed in this profile for the DDMs to be listed.
Anmerkung:
Do not confuse the term private-mode library as used in this
section with the term private library as used in the section
User Maintenance. They refer to separate features which are
not related with each other.
For Natural projects, NaturalONE supports two development modes: shared mode and private mode. They are set in NaturalONE and are described in the section Different Modes for Developing Natural Applications of the NaturalONE Introduction documentation. For these, so-called "development mode options" can be set in Natural Security. They determine how Natural Security controls the use of Natural server actions triggered by the Eclipse Navigator view actions. You have two possibilities:
The form of protection is determined by the option Development Mode, which is set in the Library and User Preset Values section of Administrator Services.
If the library preset value Development Mode is set to asterisk (*), the use of the following server actions triggered by the actions in the Eclipse Navigator view can be protected by the following Natural Security definitions:
Location in Navigator View | Action | Controlled by | In private mode also controlled by |
---|---|---|---|
Project node | Upload | Command SAVE in Command
Restrictions in library (or special-link) security profile.
|
Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. |
Update | Commands CHECK ,
CATALOG and STOW in
Command Restrictions in library (or special-link) security profile.
|
||
Build Project | |||
Rebuild Project |
Disallowed actions are not disabled in the context menus of the Navigator view; the appropriate Natural Security restrictions are only evaluated when the user attempts to perform an action.
If the development mode in NaturalONE is set to private mode, the security definitions for the original library also apply to all its private-mode libraries.
If the library preset value Development Mode is set to "Y", the server actions triggered by the actions in the Eclipse Navigator view can be protected in Natural Security by development mode options - taking into consideration the development mode set in NaturalONE - as described in this section.
You can specify:
In general, specifications made for individual libraries have priority over specifications made for individual users.
If you set the library preset value Development Mode to "Y" and then press PF5 on the Preset Library Values screen, the General Development Mode Options screen will be displayed. On this screen you can set the following options:
Field | Explanation | |
---|---|---|
Development mode | This option determines which development mode can be set for the Natural project in NaturalONE: | |
S | Only shared mode is allowed for the project. | |
P | Only private mode is allowed for the project. | |
M | Mixed mode: Both shared mode and private mode are allowed for the project. | |
This option does not apply to Natural projects which already exist in NaturalONE when it is set, but only to new Natural projects created afterwards. If this option is set to "S" or "P", this applies to all users and libraries within the project, and it cannot be changed for individual users or libraries. If this option is set to "M", you can allow a specific development mode for individual users and libraries in their security profiles. |
||
Prefix for private mode | This option determines which prefix is used for the library IDs of private-mode libraries defined in Natural Security: | |
Undefined | The prefix defined in the Natural Preferences of NaturalONE is used. | |
<Project> | The first 6 characters of the project name (as defined in NaturalONE) are used as prefix. | |
<Library ID> | The first 6 characters of the library ID are used as prefix. | |
<User ID> | The first 6 characters of the user ID are used as prefix. | |
<string> | A specified string of up to 6 characters is used as prefix. You specify this string in a field which will be displayed when you select this option. The string must correspond to the rules for library IDs (see Adding a New Library) | |
Navigator View Actions | The following two options only apply if private mode is set for the Natural project in NaturalONE: | |
Upload | This option controls the use of the Upload action in the project: | |
* | The Update action is only allowed if the
option "Co" (Copy) "from library" for the object type is allowed in the SYSMAIN
utility profile, and if the SAVE command is allowed
in the Command Restrictions of the library (or special-link) security
profile.
|
|
Y | The Upload action is allowed. | |
Update/Build/Rebuild | This option controls the use of the actions Update, Build and Rebuild in the project: | |
* | The actions Update, Build Project and Rebuild
Project action are only allowed if the option "Co" (Copy) "from library" for
the object type is allowed in the SYSMAIN utility profile, and if the commands
CHECK , CATALOG and
STOW are allowed in the Command Restrictions of the
library (or special-link) security profile.
|
|
Y | The actions Update, Build Project and Rebuild Project action are allowed. | |
Server Options | The following three options apply in general and cannot be changed for individual users or libraries: | |
General profile active | This option determines the applicability of the following general development mode options: Development mode, Prefix for private mode, Upload and Update/Build/Rebuild: | |
Y | If a development mode option is not defined in a user profile or library profile, the corresponding general development mode option applies for the user/library. | |
N | Only the development mode options defined in the user profiles and library profiles apply. | |
ETID | This option determines which
ETIDs are used if the Natural server session is started with
ETID=OFF .
|
|
N | Only the development mode options defined in the user profiles and library profiles apply. | |
F | ETIDs will be generated by Natural Security; this corresponds to the user preset value ETID being set to "F". | |
Private-mode library | This option determines if security profiles for private-mode libraries are created automatically by Natural Security. | |
N | Security profiles for private-mode libraries are not created automatically. | |
Y | Security profiles for private-mode libraries are created automatically. | |
F | Same as "Y". In addition, each private-mode
library is linked automatically to all files/DDMs to which the original library
is linked.
This applies to links which exist for the original library at the
time when its private-mode libraries are created. If links for the original
library are added/modified/removed later, you can use library maintenance
function |
|
For further details on private-mode libraries, see below. |
Security profiles for private-mode libraries appear on the Library Maintenance selection list. They are marked with "PM" in the Prot. column.
The security profile of a private-mode library cannot be changed. Apart from the library ID and library name, its components are identical to those of the original library.
The only library maintenance functions available for private-mode
libraries are: DI
(Display), DE
(Delete) and
LF
(Link library to files). With the latter, you cannot change an
existing link, but only display or cancel it.
A logon using the library ID of a private-mode library is not possible.
When a user deletes a private-mode library in the Navigator view, the corresponding security profile created by Natural Security is automatically deleted, too.
When you change the link of an original library to a file, the existing links of all private-mode libraries to this file are automatically changed accordingly.
If the library preset value Development Mode is set to "Y", the Additional Options section of user security profiles is expanded to include User Development Mode Options. Here you can set the following options for this user:
Field | Explanation | |
---|---|---|
Development mode | This option can only be set if the general development mode option Development mode is set to "M"; and it only applies to libraries in which the Development mode option is set to "M". For these libraries, it determines which development mode applies for this user: | |
S | Only shared mode is allowed for this user. | |
P | Only private mode is allowed for this user. | |
M | Mixed mode: Both shared mode and private mode are allowed for this user. | |
Prefix for private mode | Same as in General Development Mode Options, but only for this user. | |
Navigator View Actions | These two options only apply if private mode is in effect: | |
Upload | Same as in General Development Mode Options, but only for this user. | |
Update/Build/Rebuild | Same as in General Development Mode Options, but only for this user. |
If the library preset value Development Mode is set to "Y", the Restrictions section of library security profiles is expanded to include Library Development Mode Options. Here you can set the following options for this library:
Field | Explanation | |
---|---|---|
Development mode | This option can only be set if the general development mode option Development mode is set to "M" (see above). In this case, this option determines which development mode can be set for this library in NaturalONE: | |
S | Only shared mode is allowed for this library. | |
P | Only private mode is allowed for this library. | |
M | Mixed mode: Both shared mode and private mode are allowed for this library. | |
Prefix for private mode | Same as in General Development Mode Options, but only for private-mode libraries derived from this library. | |
Navigator View Actions | These two options only apply if private mode is in effect: | |
Upload | Same as in General Development Mode Options, but only for private-mode libraries derived from this library. | |
Update/Build/Rebuild | Same as in General Development Mode Options, but only for private-mode libraries derived from this library. |
The following table shows some examples of the effects of various combinations of development mode options:
If the following specifications are made ... | ... the following applies to the library in question: | ||
---|---|---|---|
General Development Mode Options | User Development Mode Options | Library Development Mode Options | |
|
|
|
The development mode is determined by the settings in NaturalONE. If it is private mode, the prefix defined in NaturalONE is used. |
|
|
|
The development mode is determined by the settings in NaturalONE. If it is private mode, the prefix defined in NaturalONE is used. |
|
|
|
The development mode must be set to "private mode" in NaturalONE. The user ID is used as prefix for the private-mode libraries derived from the library. |
|
|
Options not set. |
The development mode must be set to "private mode" in NaturalONE. The specified character string is used as prefix for the private-mode libraries derived from the library. |