This section contains information on the protection of various Natural add-on products by Natural Security and the handling of plug-ins in a Natural Security environment. It contains information on:
The Natural Studio user interface is extensible by plug-ins. If plug-ins are used in an environment protected by Natural Security, the following prerequisites must be met:
For the Natural Plug-in Manager (which is a plug-in itself) and for every plug-in to be used, a library security profile has to be defined. For plug-ins delivered together with Natural Studio, pre-defined system-library profiles are provided. To activate these, you use the Administrator Services function Definition of system libraries.
The following plug-in system libraries are provided:
Library | Contents |
---|---|
SYSEXPLG | Plug-in Example. |
SYSPLCGC | Program Generation. |
SYSPLMAN | Plug-in Manager. |
SYSPLMFE | Mainframe Navigation. |
SYSPLNEE | Metrics Calculation / Engineer Xref Viewing. |
SYSPLPDC | Object Description. |
SYSPLPGC | Schema Generation. |
SYSPLWEB | Web Interface. |
SYSPLWIZ | Application Wizard. |
SYSPLXRC | Xref Evaluation. |
When a user activates a plug-in, Natural Studio starts a second Natural
session with automatic logon (profile parameter AUTO=ON
). For the
automatic logon to be successful, a user who is to use a plug-in must have
either a default library or a private library specified in his/her security
profile.
When a user activates a plug-in, Natural Studio starts a second Natural
session using the parameter file NATPARM
. If the user's Natural
session uses a parameter file other than NATPARM
, the system-file
specifications for FNAT, FSEC and FUSER in the NATPARM
parameter
file must match those of the parameter file used by the user session in a
Natural Security environment.
On mainframe computers, the Predict library SYSDIC may be defined and its use controlled by Natural Security.
To be able to use under Natural Security those Predict functions which use Adabas Online Services (AOS) facilities, that is, to enable Natural Security protection, you have to perform the following steps:
Create a security profile for the library SYSDIC (Add Library).
Define the library SYSDIC as people-protected, and link to it those users (or user groups) who are to be Predict/AOS administrators.
Execute the program NSCPRDAX
in the library SYSSEC. This
program writes the user exit NSCPRD01
into the SYSDIC library
profile.
Invoke the Modify Library function for the library SYSDIC. Even if
you do not change anything in the security profile, you must perform this step
to confirm the entry of the user exit, because otherwise Natural Security would
consider the execution of NSCPRDAX
an illegal manipulation of
SYSDIC's security profile, and no-one would be able to log on to SYSDIC.
After the user exit has been written into the security profile, no Predict functions will be available until Predict security profiles are defined.
The user exit cannot be removed manually from the SYSDIC library
profile. To remove it, you execute the program NSCPRDDX
in the
library SYSSEC, and then invoke the Modify Library function for confirmation
(as with Step 4 above).
When you select User Exit from the Additional Options of SYSDIC's library profile, an additional screen Predict/AOS Security Profile is displayed. On this screen, you specify who is to be AOS security administrator for which database. The users (or groups of users) specified may then use the AOS-related Predict functions for these databases.
For each database, you can only specify one AOS security administrator. This may be a user of type "Administrator", "Person", "Member", or a "Group" (it need not be a Natural Security administrator). The user must be linked to the library SYSDIC before he/she can be specified as AOS security administrator.
For further information on Predict and its AOS-related functions, and on Predict under Natural Security, please refer to the Predict documentation.
On mainframe computers, the Adabas Online Services library SYSAOS may be defined and its use controlled by Natural Security.
To be able to use the Security Maintenance section of Adabas Online Services under Natural Security, that is, to enable Natural Security protection for Adabas Online Services, you have to perform the following steps:
Create a security profile for the library SYSAOS (Add Library).
Define the library SYSAOS as people-protected, and link to it those users (or user groups) who are to be Adabas Online Services database administrators.
Execute the program NSCAOSIX
in the library SYSSEC. This
program writes the user exit NSCAOSE1
into the SYSAOS library
profile.
Invoke the Modify Library function for the library SYSAOS. Even if
you do not change anything in the security profile, this step is necessary to
confirm the entry of the user exit, because otherwise Natural Security would
consider the execution of NSCAOSIX
an illegal manipulation of
SYSAOS's security profile, and no-one would be able to log on to SYSAOS.
After the user exit has been written into the security profile, no Adabas Online Services functions will be available until Adabas Online Services security profiles are defined.
The user exit cannot be removed manually from the SYSAOS library
profile. To remove it, you execute the program NSCAOSDX
in the
library SYSSEC, and then invoke the Modify Library function for confirmation
(as with Step 4 above).
Note:
Previous versions of Natural Security supplied the user exit
NSCAOS01
, which can still be used instead of
NSCAOSE1
. With NSCAOS01
, however, a maximum of only
72 database profiles can be maintained with Adabas Online Services, while up to
400 can be maintained with NSCAOSE1
. Unlike NSCAOSE1
,
NSCAOS01
does not allow you to assign more than one user group as
an administrator to the default database (see below). The program used to write
NSCAOS01
into the library profile of SYSAOS is called
NSXAOSAX
. Otherwise, what is said above about
NSCAOSE1
also applies to NSCAOS01
.
When you select User Exit from the Additional Options of SYSAOS's library profile, an additional screen Adabas Online Services Security Profile is displayed. On this screen, you specify who is to be Adabas Online Services security administrator for which database. The users (or groups of users) specified may then use the Security Maintenance section of Adabas Online Services for these databases.
For each database, you can only specify one Adabas Online Services security administrator. This may be a user of type "Administrator", "Person", "Member", or a "Group" (it need not be a Natural Security administrator). The user must be linked to the library SYSAOS before he/she can be specified as Adabas Online Services security administrator.
Adabas Online Services uses the database profile for database ID 999 as
a default profile, which applies to all databases for which no individual
database profiles are defined. With the user exit NSCAOSE1
, you
can assign more than one group of Adabas Online Services security
administrators to database 999. To do so, you specify ********
(8
asterisks) as the administrator ID for database 999 in the SYSAOS library
profile. The administrators for database 999 are then determined by the
database profile in Adabas Online Services. As Adabas Online Services allows
you to define more than one profile per database, you can define multiple
profiles for database 999, each with a different group of administrators.
For further information on Adabas Online Services, please refer to the Adabas documentation.