This section contains information on the protection of various Natural add-on products by Natural Security and the handling of plug-ins in a Natural Security environment. It contains information on:
The Natural Studio user interface is extensible by plug-ins. If plug-ins are used in an environment protected by Natural Security, the following prerequisites must be met:
For the Natural Plug-in Manager (which is a plug-in itself) and for every plug-in to be used, a library security profile has to be defined. For plug-ins delivered together with Natural Studio, pre-defined system-library profiles are provided. To activate these, you use the Administrator Services function Definition of System Libraries.
The following plug-in system libraries are provided:
Library | Contents |
---|---|
SYSEXPLG | Plug-in Example. |
SYSPLCGC | Program Generation. |
SYSPLMAN | Plug-in Manager. |
SYSPLMFE | Mainframe Navigation. |
SYSPLNEE | Metrics Calculation / Engineer Xref Viewing. |
SYSPLPDC | Object Description. |
SYSPLPGC | Schema Generation. |
SYSPLWEB | Web Interface. |
SYSPLWIZ | Application Wizard. |
SYSPLXRC | Xref Evaluation. |
When a user activates a plug-in, Natural Studio starts a second Natural
session with automatic logon (profile parameter AUTO=ON
). For the
automatic logon to be successful, a user who is to use a plug-in must have
either a default library or a private library specified in his/her security
profile.
When a user activates a plug-in, Natural Studio starts a second Natural
session using the parameter file NATPARM
. If the user's Natural
session uses a parameter file other than NATPARM
, the system-file
specifications for FNAT, FSEC and FUSER in the NATPARM
parameter
file must match those of the parameter file used by the user session in a
Natural Security environment.
On mainframe computers, the Predict library SYSDIC
may be
defined and its use controlled by Natural Security.
To be able to use under Natural Security those Predict functions which use Adabas Online Services (AOS) facilities, that is, to enable Natural Security protection, you have to perform the following steps:
Create a security profile for the library SYSDIC
(Add
Library).
Define the library SYSDIC
as people-protected, and link
to it those users (or user groups) who are to be Predict/AOS
administrators.
Execute the program NSCPRDAX
in the library
SYSSEC
. This program writes the user exit NSCPRD01
into the SYSDIC
library profile.
Invoke the Modify Library function for the
library SYSDIC
. Even if you do not change anything in the security
profile, you must perform this step to confirm the entry of the user exit,
because otherwise Natural Security would consider the execution of
NSCPRDAX
an illegal manipulation of SYSDIC
's security
profile, and no-one would be able to log on to SYSDIC
.
After the user exit has been written into the security profile, no Predict functions will be available until Predict security profiles are defined.
The user exit cannot be removed manually from the SYSDIC
library profile. To remove it, you execute the program NSCPRDDX
in
the library SYSSEC
, and then invoke the Modify
Library function for confirmation (as with Step 4 above).
When you select User Exit from the
Additional Options of SYSDIC
's library
profile, an additional screen Predict/AOS Security Profile
is displayed. On this screen, you specify who is to be AOS security
administrator for which database. The users (or groups of users) specified may
then use the AOS-related Predict functions for these databases.
For each database, you can only specify one AOS security administrator.
This may be a user of type "Administrator", "Person", "Member", or a "Group"
(it need not be a Natural Security administrator). The user must be linked to
the library SYSDIC
before he/she can be specified as AOS security
administrator.
For further information on Predict and its AOS-related functions, and on Predict under Natural Security, please refer to the Predict documentation.
On mainframe computers, the Adabas Online Services library
SYSAOS
may be defined and its use controlled by Natural
Security.
To be able to use the Security Maintenance section of Adabas Online Services under Natural Security, that is, to enable Natural Security protection for Adabas Online Services, you have to perform the following steps:
Create a security profile for the library SYSAOS
(Add
Library).
Define the library SYSAOS
as people-protected, and link
to it those users (or user groups) who are to be Adabas Online Services
database administrators.
Execute the program NSCAOSIX
in the library
SYSSEC
. This program writes the user exit NSCAOSE1
into the SYSAOS
library profile.
Invoke the Modify Library function for the
library SYSAOS
. Even if you do not change anything in the security
profile, this step is necessary to confirm the entry of the user exit, because
otherwise Natural Security would consider the execution of
NSCAOSIX
an illegal manipulation of SYSAOS
's security
profile, and no-one would be able to log on to SYSAOS
.
After the user exit has been written into the security profile, no Adabas Online Services functions will be available until Adabas Online Services security profiles are defined.
The user exit cannot be removed manually from the SYSAOS
library profile. To remove it, you execute the program NSCAOSDX
in
the library SYSSEC
, and then invoke the Modify
Library function for confirmation (as with Step 4 above).
Note:
Previous versions of Natural Security supplied the user exit
NSCAOS01
, which can still be used instead of
NSCAOSE1
. With NSCAOS01
, however, a maximum of only
72 database profiles can be maintained with Adabas Online Services, while up to
400 can be maintained with NSCAOSE1
. Unlike NSCAOSE1
,
NSCAOS01
does not allow you to assign more than one user group as
an administrator to the default database (see below). The program used to write
NSCAOS01
into the library profile of SYSAOS
is called
NSXAOSAX
. Otherwise, what is said above about
NSCAOSE1
also applies to NSCAOS01
.
When you select User Exit from the
Additional Options of SYSAOS
's library
profile, an additional screen Adabas Online Services Security
Profile is displayed. On this screen, you specify who is to be
Adabas Online Services security administrator for which database. The users (or
groups of users) specified may then use the Security Maintenance section of
Adabas Online Services for these databases.
For each database, you can only specify one Adabas Online Services
security administrator. This may be a user of type "Administrator", "Person",
"Member", or a "Group" (it need not be a Natural Security administrator). The
user must be linked to the library SYSAOS
before he/she can be
specified as Adabas Online Services security administrator.
Adabas Online Services uses the database profile for database ID 999 as
a default profile, which applies to all databases for which no individual
database profiles are defined. With the user exit NSCAOSE1
, you
can assign more than one group of Adabas Online Services security
administrators to database 999. To do so, you specify ********
(8
asterisks) as the administrator ID for database 999 in the SYSAOS
library profile. The administrators for database 999 are then determined by the
database profile in Adabas Online Services. As Adabas Online Services allows
you to define more than one profile per database, you can define multiple
profiles for database 999, each with a different group of administrators.
For further information on Adabas Online Services, please refer to the Adabas documentation.