This section describes how to control the use of the Natural Server view and Eclipse Navigator view used by Natural in an Eclipse environment in conjunction with NaturalONE. It covers the following topics:
To display the Natural Server view and Eclipse Navigator view options
and actions allowed/disallowed for a specific library and user, you can use the
application programming interface NSCONE
.
This section describes how to protect with Natural Security a Natural server used in Eclipse, and how the security definitions on the FSEC system file attached to the server environment affect actions on the server. It covers the following topics:
The function Map Environment is controlled by the Natural Security settings that apply to the FNAT system file on which this function is executed. When the function is executed, Natural Security performs a logon, according to the rules as described in the section Logon Procedure. The logon will be to the user's default library, therefore the security settings have to be such that the user is able to log on to his/her default library.
When logging on to the mapped environment, it is possible to use 32-digit user names as IDs for the logon. This requires that the option Support user names as IDs is set in the LDAP security profile for the server used; see the section Authentication Options (LDAP). The user name must be defined as User Name in the user security profile in Natural Security. Please remember that user IDs in NaturalONE are case-sensitive.
Anmerkung:
Once the environment has been mapped, a logon with another user
ID within the mapped environment is not possible.
Once the environment has been mapped, the server view in the mapped environment lists all non-empty libraries on the FUSER system file assigned to the mapped environment which are accessible by the user. Libraries in whose security profiles a different FUSER file or FDIC file is specified (under Library File) are not listed.
When the user selects one of these libraries from the server view,
a logon to this library is performed - according to the rules as described in
the section Logon
Procedure. Thus it may be possible, for example, that a
startup transaction is executed. The user can only select a library from the
tree view; any other library selection (for example, via the system command
LOGON *
) is not possible.
Within a library in the mapped environment, some functions can be protected by Natural Security, others cannot be protected. Which functions these are is described below.
The Natural Security data used by the Natural Server view are cached and will only be refreshed when the Natural server is mapped again.
Anmerkung:
If a startup transaction is defined for any library in the
Natural Server view, it must meet the conditions described under
Startup Transactions in the section Using an
Existing Natural Development Server Environment of the
NaturalONE Installation documentation.
The use of the following functions in a library within the mapped environment can be protected as follows:
Disallowed actions are disabled in the context menus of the Natural Server view.
Anmerkung:
Several of the server-view actions listed below are
controlled by SYSMAIN utility profiles. If, however, no utility profiles for
SYSMAIN are defined, these actions are controlled by the
Utilities
option in the library profile of the library processed.
Location in Server View | Action | Controlled by |
---|---|---|
System-file node | Unlock | Session Option "Unlock Objects" in user security profile. |
Library node | Open | Command Restrictions
(LIST or EDIT command) in
library security profile*.
|
Add to New Project / Add to Existing Project | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
Rename (**) | The action as such is always allowed and cannot be
disallowed. However, a library security profile for the library of the new name must exist (unless the general option Transition Period Logon is set to "Y"). Also, for the library contents to be transferred, the option "Mo" (Move) "from library" and "to library" for all object types must be allowed in the SYSMAIN utility profile. |
|
Delete (**) | Option "De" (Delete) for object type in SYSMAIN utility profile. | |
Copy | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
Paste | Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile. | |
Programming objects | ||
Group node for programming objects | Open / Add to New Project / Add to Existing Project | Command Restrictions
(LIST or READ command) in
library security profile*.
|
Delete | Command Restrictions in library security profile*. | |
Copy | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
Paste | Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile. | |
Object node for programming objects | Open / Add to New Project / Add to Existing Project | Editing Restrictions in library security profile*. |
Catalog | Command Restrictions in library security profile*. | |
Stow | Command Restrictions in library security profile*. | |
Execute | Command Restrictions in library security profile*. | |
Rename | Command Restrictions in library security profile*. | |
Delete | Command Restrictions in library security profile*. | |
Copy | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
Paste | Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile. | |
Edit | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
List | Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. | |
DDMs | ||
Group node for DDMs | Add to New Project / Add to Existing Project | Option "Edit" in SYSDDM utility profile (***) and option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile. |
Copy | Option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile. | |
Delete | Option "Delete" in SYSDDM utility profile. (***) | |
Move | Option "Mo" (Move) "from environment" for DDM in SYSMAIN utility profile. | |
Open | Option "List" in SYSDDM utility profile. (***) | |
Paste | Option "Co" (Copy) "to environment" for DDM in SYSMAIN utility profile. | |
Object node for DDMs | Add to New Project / Add to Existing Project | Option "Edit" in SYSDDM utility profile (***) and option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile. |
Catalog | Option "Cat" in SYSDDM utility profile. (***) | |
Copy | Option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile. | |
Delete | Option "Delete" in SYSDDM utility profile. (***) | |
Edit | Option "Edit" in SYSDDM utility profile (***) and option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile. | |
Move | Option "Mo" (Move) "from environment" for DDM in SYSMAIN utility profile. | |
Paste | Option "Co" (Copy) "to environment" for DDM in SYSMAIN utility profile. | |
Stow | Option "Cat" in SYSDDM utility profile. (***) |
* or special-link security profile
** These actions can be made unavailable in the context menu of the library node by the option Disable Rename and Delete of Library Node (described in the section Administrator Services).
*** If no SYSDDM utility profile is defined, the Command Restrictions in the SYSDDM library profile apply.
Anmerkung:
Do not confuse the term private-mode library as used in
this section with the term private library as used in the section
User Maintenance. They refer to separate features which are
not related with each other.
For Natural projects, NaturalONE supports two development modes: shared mode and private mode. They are set in NaturalONE and are described in the section Different Modes for Developing Natural Applications of the NaturalONE Introduction documentation. For these, so-called "development mode options" can be set in Natural Security. They determine how Natural Security controls the use of Natural server actions triggered by the Eclipse Navigator view actions. You have two possibilities:
The form of protection is determined by the option Development Mode, which is set in the Library Preset Values section of Administrator Services.
If the library preset value Development Mode is set to asterisk (*), the use of the following server actions triggered by the actions in the Eclipse Navigator view can be protected by the following Natural Security definitions:
Location in Navigator View | Action | Controlled by | In private mode also controlled by |
---|---|---|---|
Project node | Upload | Command SAVE in Command
Restrictions in library (or special-link) security profile.
|
Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile. |
Update | Command STOW
in Command Restrictions in library (or special-link) security profile.
|
||
Build Project | |||
Rebuild Project |
Disallowed actions are not disabled in the context menus of the Navigator view; the appropriate Natural Security restrictions are only evaluated when the user attempts to perform an action.
If the development mode in NaturalONE is set to private mode, the security definitions for the original library also apply to all its private-mode libraries.
If the library preset value Development Mode is set to "Y", the server actions triggered by the actions in the Eclipse Navigator view can be protected in Natural Security by development mode options - taking into consideration the development mode set in NaturalONE - as described in this section.
You can specify:
In general, specifications made for individual libraries have priority over specifications made for individual users.
If you set the library preset value Development Mode to "Y" and then press PF5 on the Preset Library Values screen, the General Development Mode Options screen will be displayed. On this screen you can set the following options:
Field | Explanation | |
---|---|---|
Development mode | This option determines which development mode can be set for the Natural project in NaturalONE: | |
S | Only shared mode is allowed for the project. | |
P | Only private mode is allowed for the project. | |
M | Mixed mode: Both shared mode and private mode are allowed for the project. | |
This option does not apply to Natural projects which already exist in NaturalONE when it is set, but only to new Natural projects created afterwards. If this option is set to "S" or "P", this applies to all users and libraries within the project, and it cannot be changed for individual users or libraries. If this option is set to "M", you can allow a specific development mode for individual users and libraries in their security profiles. |
||
Prefix for private mode | This option determines which prefix is used for the library IDs of private-mode libraries defined in Natural Security: | |
Undefined | The prefix defined in the Natural Preferences of NaturalONE is used. | |
<Project> | The first 6 characters of the project name (as defined in NaturalONE) are used as prefix. | |
<Library ID> | The first 6 characters of the library ID are used as prefix. | |
<User ID> | The first 6 characters of the user ID are used as prefix. | |
<string> | A specified string of up to 6 characters is used as prefix. You specify this string in a field which will be displayed when you select this option. The string must correspond to the rules for library IDs (see Adding a New Library) | |
Navigator View Actions | ||
The following two options only apply if private mode is set for the Natural project in NaturalONE: | ||
Upload | This option controls the use of the Upload action in the project: | |
* | The Update action is only allowed if
the option "Co" (Copy) "from library" for the object type is allowed in the
SYSMAIN utility profile, and if the SAVE command is
allowed in the Command Restrictions of the library (or special-link) security
profile.
|
|
Y | The Upload action is allowed. | |
Update/Build/Rebuild | This option controls the use of the actions Update, Build and Rebuild in the project: | |
* | The actions Update, Build Project and
Rebuild Project action are only allowed if the option "Co" (Copy) "from
library" for the object type is allowed in the SYSMAIN utility profile, and if
the commands CHECK ,
CATALOG and STOW are
allowed in the Command Restrictions of the library (or special-link) security
profile.
|
|
Y | The actions Update, Build Project and Rebuild Project action are allowed. | |
Server View Options | ||
The following three options apply in general and cannot be changed for individual users or libraries: | ||
General profile active | This option determines the applicability of the following general development mode options: Development mode, Prefix for private mode, Upload and Update/Build/Rebuild: | |
Y | If a development mode option is not defined in a user profile or library profile, the corresponding general development mode option applies for the user/library. | |
N | Only the development mode options defined in the user profiles and library profiles apply. | |
ETID | This option determines
which ETIDs are used if the Natural server session is started with
ETID=OFF .
|
|
N | Only the development mode options defined in the user profiles and library profiles apply. | |
F | ETIDs will be generated by Natural Security; this corresponds to the user preset value ETID being set to "F". | |
Private-mode library | This option determines if security profiles for private-mode libraries are created automatically by Natural Security. | |
N | Security profiles for private-mode libraries are not created automatically. | |
Y | Security profiles for private-mode libraries are created automatically. | |
F | Same as "Y". In addition, each
private-mode library is linked automatically to all files/DDMs to which the
original library is linked.
This applies to links which exist for the original
library at the time when its private-mode libraries are created. If links for
the original library are added/modified/removed later, you can use library
maintenance function |
|
For further details on private-mode libraries, see below. | ||
Natural Server Actions | ||
SYSLSO command | This option controls the use of the SYSLSO command, which determines the library search order for private-mode libraries. | |
A | The SYSLSO command can be executed both online and in batch mode (this is the default). | |
B | The SYSLSO command can only be executed in batch mode. | |
O | The SYSLSO command can only be executed online. | |
N | The use of the SYSLSO command is not allowed. | |
* | The use of the SYSLSO command is controlled by the corresponding option in the user and library profiles. | |
For information on the SYSLSO command, see the NaturalONE documentation. |
Security profiles for private-mode libraries appear on the Library Maintenance selection list. They are marked with "PM" in the Prot. column.
The security profile of a private-mode library cannot be changed. Apart from the library ID and library name, its components are identical to those of the original library.
The only library maintenance functions available for
private-mode libraries are: DI
(Display), DE
(Delete)
and LF
(Link library to files). With the latter, you cannot change
an existing link, but only display or cancel it.
A logon using the library ID of a private-mode library is not possible.
When a user deletes a private-mode library in the Navigator view, the corresponding security profile created by Natural Security is automatically deleted, too.
When you change the link of an original library to a file, the existing links of all private-mode libraries to this file are automatically changed accordingly.
LSO (library search order) container libraries are described under Using Private-mode Libraries in Batch in the section Working in a Team of the NaturalONE in a Nutshell documentation.
When LSO container libraries are generated in NaturalONE, security profiles for them are created automatically by Natural Security.
Security profiles for LSO container libraries appear on the Library Maintenance selection list. They are marked with "P0" in the Prot. column.
The security profile of an LSO container library cannot be changed. Apart from the library ID and library name, its components are identical to those of the original library.
The only library maintenance functions available for LSO
container libraries are: DI
(Display) and DE
(Delete).
A logon using the library ID of an LSO container library is not possible.
If the library preset value Development Mode is set to "Y", the Additional Options section of user security profiles is expanded to include User Development Mode Options. Here you can set the following options for this user:
Field | Explanation | |
---|---|---|
Development mode | This option can only be set if the general development mode option Development mode is set to "M"; and it only applies to libraries in which the Development mode option is set to "M". For these libraries, it determines which development mode applies for this user: | |
S | Only shared mode is allowed for this user. | |
P | Only private mode is allowed for this user. | |
M | Mixed mode: Both shared mode and private mode are allowed for this user. | |
Prefix for private mode | Same as in General Development Mode Options, but only for this user. | |
Navigator View Actions | These two options only apply if private mode is in effect: | |
Upload | Same as in General Development Mode Options, but only for this user. | |
Update/Build/Rebuild | Same as in General Development Mode Options, but only for this user. |
If the library preset value Development Mode is set to "Y", the Restrictions section of library security profiles is expanded to include Library Development Mode Options. Here you can set the following options for this library:
Field | Explanation | |
---|---|---|
Development mode | This option can only be set if the general development mode option Development mode is set to "M" (see above). In this case, this option determines which development mode can be set for this library in NaturalONE: | |
S | Only shared mode is allowed for this library. | |
P | Only private mode is allowed for this library. | |
M | Mixed mode: Both shared mode and private mode are allowed for this library. | |
Prefix for private mode | Same as in General Development Mode Options, but only for private-mode libraries derived from this library. | |
Navigator View Actions | These two options only apply if private mode is in effect: | |
Upload | Same as in General Development Mode Options, but only for private-mode libraries derived from this library. | |
Update/Build/Rebuild | Same as in General Development Mode Options, but only for private-mode libraries derived from this library. |
The following table shows some examples of the effects of various combinations of development mode options:
If the following specifications are made ... | ... the following applies to the library in question: | ||
---|---|---|---|
General Development Mode Options | User Development Mode Options | Library Development Mode Options | |
|
|
|
The development mode is determined by the settings in NaturalONE. If it is private mode, the prefix defined in NaturalONE is used. |
|
|
|
The development mode is determined by the settings in NaturalONE. If it is private mode, the prefix defined in NaturalONE is used. |
|
|
|
The development mode must be set to "private mode" in NaturalONE. The user ID is used as prefix for the private-mode libraries derived from the library. |
|
|
Options not set. |
The development mode must be set to "private mode" in NaturalONE. The specified character string is used as prefix for the private-mode libraries derived from the library. |