Protecting the Natural Development Environment in Eclipse

This section describes how to control the use of the Natural Server view and Eclipse Navigator view used by Natural in an Eclipse environment in conjunction with NaturalONE. It covers the following topics:

To display the Natural Server view and Eclipse Navigator view options and actions allowed/disallowed for a specific library and user, you can use the application programming interface NSCONE.


Protecting the Natural Server View

This section describes how to protect with Natural Security a Natural server used in Eclipse, and how the security definitions on the FSEC system file attached to the server environment affect actions on the server. It covers the following topics:

Map Environment and Library Selection

The function Map Environment is controlled by the Natural Security settings that apply to the FNAT system file on which this function is executed. When the function is executed, Natural Security performs a logon, according to the rules as described in the section Logon Procedure. The logon will be to the user's default library, therefore the security settings have to be such that the user is able to log on to his/her default library.

When logging on to the mapped environment, it is possible to use 32-digit user names as IDs for the logon. This requires that the option Support user names as IDs is set in the LDAP security profile for the server used; see the section Authentication Options (LDAP). The user name must be defined as User Name in the user security profile in Natural Security. Please remember that user IDs in NaturalONE are case-sensitive.

Note:
Once the environment has been mapped, a logon with another user ID within the mapped environment is not possible.

Once the environment has been mapped, the server view in the mapped environment lists all non-empty libraries on the FUSER system file assigned to the mapped environment which are accessible by the user. Libraries in whose security profiles a different FUSER file or FDIC file is specified (under Library File) are not listed.

When the user selects one of these libraries from the server view, a logon to this library is performed - according to the rules as described in the section Logon Procedure. Thus it may be possible, for example, that a startup transaction is executed. The user can only select a library from the tree view; any other library selection (for example, via the system command LOGON *) is not possible.

Within a library in the mapped environment, some functions can be protected by Natural Security, others cannot be protected. Which functions these are is described below.

The Natural Security data used by the Natural Server view are cached and will only be refreshed when the Natural server is mapped again.

Note:
If a startup transaction is defined for any library in the Natural Server view, it must meet the conditions described under Startup Transactions in the section Using an Existing Natural Development Server Environment of the NaturalONE Installation documentation.

Protectable Functions in the Mapped Environment

The use of the following functions in a library within the mapped environment can be protected as follows:

Disallowed actions are disabled in the context menus of the Natural Server view.

Server-View Actions

Note:
Several of the server-view actions listed below are controlled by SYSMAIN utility profiles. If, however, no utility profiles for SYSMAIN are defined, these actions are controlled by the Utilities option in the library profile of the library processed.

Location in Server View Action Controlled by
System-file node Unlock Session Option "Unlock Objects" in user security profile.
Library node Open Command Restrictions (LIST or EDIT command) in library security profile*.
Add to New Project / Add to Existing Project Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile.
Rename (**) The action as such is always allowed and cannot be disallowed.
However, a library security profile for the library of the new name must exist (unless the general option Transition Period Logon is set to "Y"). Also, for the library contents to be transferred, the option "Mo" (Move) "from library" and "to library" for all object types must be allowed in the SYSMAIN utility profile.
Delete (**) Option "De" (Delete) for object type in SYSMAIN utility profile.
Copy Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile.
Paste Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile.
Programming objects
Group node for programming objects Open / Add to New Project / Add to Existing Project Command Restrictions (LIST or READ command) in library security profile*.
Delete Command Restrictions in library security profile*.
Copy Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile.
Paste Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile.
Object node for programming objects Open / Add to New Project / Add to Existing Project Editing Restrictions in library security profile*.
Catalog Command Restrictions in library security profile*.
Stow Command Restrictions in library security profile*.
Execute Command Restrictions in library security profile*.
Rename Command Restrictions in library security profile*.
Delete Command Restrictions in library security profile*.
Copy Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile.
Paste Option "Co" (Copy) or "Mo" (Move) "from library" for object type in SYSMAIN utility profile.
Edit Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile.
List Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile.
DDMs
Group node for DDMs Add to New Project / Add to Existing Project Option "Edit" in SYSDDM utility profile (***) and option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile.
Copy Option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile.
Delete Option "Delete" in SYSDDM utility profile. (***)
Move Option "Mo" (Move) "from environment" for DDM in SYSMAIN utility profile.
Open Option "List" in SYSDDM utility profile. (***)
Paste Option "Co" (Copy) "to environment" for DDM in SYSMAIN utility profile.
Object node for DDMs Add to New Project / Add to Existing Project Option "Edit" in SYSDDM utility profile (***) and option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile.
Catalog Option "Cat" in SYSDDM utility profile. (***)
Copy Option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile.
Delete Option "Delete" in SYSDDM utility profile. (***)
Edit Option "Edit" in SYSDDM utility profile (***) and option "Co" (Copy) "from environment" for DDM in SYSMAIN utility profile.
Move Option "Mo" (Move) "from environment" for DDM in SYSMAIN utility profile.
Paste Option "Co" (Copy) "to environment" for DDM in SYSMAIN utility profile.
Stow Option "Cat" in SYSDDM utility profile. (***)

* or special-link security profile

** These actions can be made unavailable in the context menu of the library node by the option Disable Rename and Delete of Library Node (described in the section Administrator Services).

*** If no SYSDDM utility profile is defined, the Command Restrictions in the SYSDDM library profile apply.

Protecting the Navigator View

Note:
Do not confuse the term private-mode library as used in this section with the term private library as used in the section User Maintenance. They refer to separate features which are not related with each other.

For Natural projects, NaturalONE supports two development modes: shared mode and private mode. They are set in NaturalONE and are described in the section Different Modes for Developing Natural Applications of the NaturalONE Introduction documentation. For these, so-called "development mode options" can be set in Natural Security. They determine how Natural Security controls the use of Natural server actions triggered by the Eclipse Navigator view actions. You have two possibilities:

The form of protection is determined by the option Development Mode, which is set in the Library Preset Values section of Administrator Services.

Protection Without Development Mode Options

If the library preset value Development Mode is set to asterisk (*), the use of the following server actions triggered by the actions in the Eclipse Navigator view can be protected by the following Natural Security definitions:

Location in Navigator View Action Controlled by In private mode also controlled by
Project node Upload Command SAVE in Command Restrictions in library (or special-link) security profile. Option "Co" (Copy) "from library" for object type in SYSMAIN utility profile.
Update Command STOW in Command Restrictions in library (or special-link) security profile.
Build Project
Rebuild Project

Disallowed actions are not disabled in the context menus of the Navigator view; the appropriate Natural Security restrictions are only evaluated when the user attempts to perform an action.

If the development mode in NaturalONE is set to private mode, the security definitions for the original library also apply to all its private-mode libraries.

Protection With Development Mode Options

If the library preset value Development Mode is set to "Y", the server actions triggered by the actions in the Eclipse Navigator view can be protected in Natural Security by development mode options - taking into consideration the development mode set in NaturalONE - as described in this section.

You can specify:

In general, specifications made for individual libraries have priority over specifications made for individual users.

General Development Mode Options

If you set the library preset value Development Mode to "Y" and then press PF5 on the Preset Library Values screen, the General Development Mode Options screen will be displayed. On this screen you can set the following options:

Field Explanation
Development mode This option determines which development mode can be set for the Natural project in NaturalONE:
S Only shared mode is allowed for the project.
P Only private mode is allowed for the project.
M Mixed mode: Both shared mode and private mode are allowed for the project.

This option does not apply to Natural projects which already exist in NaturalONE when it is set, but only to new Natural projects created afterwards.

If this option is set to "S" or "P", this applies to all users and libraries within the project, and it cannot be changed for individual users or libraries. If this option is set to "M", you can allow a specific development mode for individual users and libraries in their security profiles.

Prefix for private mode This option determines which prefix is used for the library IDs of private-mode libraries defined in Natural Security:
Undefined The prefix defined in the Natural Preferences of NaturalONE is used.
<Project> The first 6 characters of the project name (as defined in NaturalONE) are used as prefix.
<Library ID> The first 6 characters of the library ID are used as prefix.
<User ID> The first 6 characters of the user ID are used as prefix.
<string> A specified string of up to 6 characters is used as prefix. You specify this string in a field which will be displayed when you select this option. The string must correspond to the rules for library IDs (see Adding a New Library)
Navigator View Actions
The following two options only apply if private mode is set for the Natural project in NaturalONE:
Upload This option controls the use of the Upload action in the project:
* The Update action is only allowed if the option "Co" (Copy) "from library" for the object type is allowed in the SYSMAIN utility profile, and if the SAVE command is allowed in the Command Restrictions of the library (or special-link) security profile.
Y The Upload action is allowed.
Update/Build/Rebuild This option controls the use of the actions Update, Build and Rebuild in the project:
* The actions Update, Build Project and Rebuild Project action are only allowed if the option "Co" (Copy) "from library" for the object type is allowed in the SYSMAIN utility profile, and if the commands CHECK, CATALOG and STOW are allowed in the Command Restrictions of the library (or special-link) security profile.
Y The actions Update, Build Project and Rebuild Project action are allowed.
Server View Options
The following three options apply in general and cannot be changed for individual users or libraries:
General profile active This option determines the applicability of the following general development mode options: Development mode, Prefix for private mode, Upload and Update/Build/Rebuild:
Y If a development mode option is not defined in a user profile or library profile, the corresponding general development mode option applies for the user/library.
N Only the development mode options defined in the user profiles and library profiles apply.
ETID This option determines which ETIDs are used if the Natural server session is started with ETID=OFF.
N Only the development mode options defined in the user profiles and library profiles apply.
F ETIDs will be generated by Natural Security; this corresponds to the user preset value ETID being set to "F".
Private-mode library This option determines if security profiles for private-mode libraries are created automatically by Natural Security.
N Security profiles for private-mode libraries are not created automatically.
Y Security profiles for private-mode libraries are created automatically.
F Same as "Y". In addition, each private-mode library is linked automatically to all files/DDMs to which the original library is linked.

This applies to links which exist for the original library at the time when its private-mode libraries are created. If links for the original library are added/modified/removed later, you can use library maintenance function LF to manually adjust the link situation for the private-mode libraries.

For further details on private-mode libraries, see below.
Natural Server Actions
SYSLSO command This option controls the use of the SYSLSO command, which determines the library search order for private-mode libraries.
A The SYSLSO command can be executed both online and in batch mode (this is the default).
B The SYSLSO command can only be executed in batch mode.
O The SYSLSO command can only be executed online.
N The use of the SYSLSO command is not allowed.
* The use of the SYSLSO command is controlled by the corresponding option in the user and library profiles.
For information on the SYSLSO command, see the NaturalONE documentation.

Private-Mode Libraries

Security profiles for private-mode libraries appear on the Library Maintenance selection list. They are marked with "PM" in the Prot. column.

The security profile of a private-mode library cannot be changed. Apart from the library ID and library name, its components are identical to those of the original library.

The only library maintenance functions available for private-mode libraries are: DI (Display), DE (Delete) and LF (Link library to files). With the latter, you cannot change an existing link, but only display or cancel it.

A logon using the library ID of a private-mode library is not possible.

When a user deletes a private-mode library in the Navigator view, the corresponding security profile created by Natural Security is automatically deleted, too.

When you change the link of an original library to a file, the existing links of all private-mode libraries to this file are automatically changed accordingly.

LSO Container Libraries

LSO (library search order) container libraries are described under Using Private-mode Libraries in Batch in the section Working in a Team of the NaturalONE in a Nutshell documentation.

When LSO container libraries are generated in NaturalONE, security profiles for them are created automatically by Natural Security.

Security profiles for LSO container libraries appear on the Library Maintenance selection list. They are marked with "P0" in the Prot. column.

The security profile of an LSO container library cannot be changed. Apart from the library ID and library name, its components are identical to those of the original library.

The only library maintenance functions available for LSO container libraries are: DI (Display) and DE (Delete).

A logon using the library ID of an LSO container library is not possible.

User Development Mode Options

If the library preset value Development Mode is set to "Y", the Additional Options section of user security profiles is expanded to include User Development Mode Options. Here you can set the following options for this user:

Field Explanation
Development mode This option can only be set if the general development mode option Development mode is set to "M"; and it only applies to libraries in which the Development mode option is set to "M". For these libraries, it determines which development mode applies for this user:
S Only shared mode is allowed for this user.
P Only private mode is allowed for this user.
M Mixed mode: Both shared mode and private mode are allowed for this user.
Prefix for private mode Same as in General Development Mode Options, but only for this user.
Navigator View Actions These two options only apply if private mode is in effect:
Upload Same as in General Development Mode Options, but only for this user.
Update/Build/Rebuild Same as in General Development Mode Options, but only for this user.

Library Development Mode Options

If the library preset value Development Mode is set to "Y", the Restrictions section of library security profiles is expanded to include Library Development Mode Options. Here you can set the following options for this library:

Field Explanation
Development mode This option can only be set if the general development mode option Development mode is set to "M" (see above). In this case, this option determines which development mode can be set for this library in NaturalONE:
S Only shared mode is allowed for this library.
P Only private mode is allowed for this library.
M Mixed mode: Both shared mode and private mode are allowed for this library.
Prefix for private mode Same as in General Development Mode Options, but only for private-mode libraries derived from this library.
Navigator View Actions These two options only apply if private mode is in effect:
Upload Same as in General Development Mode Options, but only for private-mode libraries derived from this library.
Update/Build/Rebuild Same as in General Development Mode Options, but only for private-mode libraries derived from this library.

Examples of Development Mode Settings

The following table shows some examples of the effects of various combinations of development mode options:

If the following specifications are made ... ... the following applies to the library in question:
General Development Mode Options User Development Mode Options Library Development Mode Options

Development mode: M

Prefix: Undefined

Development mode: M

Prefix: Undefined

Development mode: M

Prefix: Undefined

The development mode is determined by the settings in NaturalONE.

If it is private mode, the prefix defined in NaturalONE is used.

Development mode: M

Prefix: Undefined

Development mode: M

Prefix: <string>

Development mode: M

Prefix: Undefined

The development mode is determined by the settings in NaturalONE.

If it is private mode, the prefix defined in NaturalONE is used.

Development mode: M

Prefix: Undefined

Development mode: M

Prefix: Undefined

Development mode: M

Prefix: <User ID>

The development mode must be set to "private mode" in NaturalONE.

The user ID is used as prefix for the private-mode libraries derived from the library.

Development mode: M

Prefix: Undefined

Development mode: P

Prefix: <string>

Options not set.

The development mode must be set to "private mode" in NaturalONE.

The specified character string is used as prefix for the private-mode libraries derived from the library.