This document covers the following topics:

• Checks for all Generation Functions

• Security Definitions in Natural Security at Object Type Level

• Type-Specific Security Checks

• PUNCH

---

Checks for all Generation Functions

For all generation functions, the user needs at least the following access rights:

• READ access to the documentation object from which the external object is generated.

• ADD or MODIFY access to the external object type.

Additional security checks for the individual functions depend on the type of external object to be generated. These checks are described below.

Security Definitions in Natural Security at Object Type Level

A Security definitions for a Predict external object type is used to protect the function itself.

Examples:

• A user with neither ADD nor MODIFY access to object CO of the NSC external object type PRD-Docu-Object is not allowed to execute the function Generate COBOL Copy Code.

• A user with only MODIFY access to object CO is only allowed to execute the function Generate COBOL Copy Code if existing members are overwritten.

Type-Specific Security Checks

• ADACMP / ADAWAN / ADAFDU Definitions, ADAINV Definitions, ADASCR Definitions

• ADACMP / ADAWAN /ADAFDU Definitions

• ADAINV Definitions, ADASCR Definitions

• Adabas Tables/Views

• Adabas File

• DDM

• Verification Rule

• UDF for IMS

• Transparency Table

ADACMP / ADAWAN / ADAFDU Definitions, ADAINV Definitions, ADASCR Definitions

READ access to the database containing the file is checked in addition to the READ access to the file:

• If parameter Database ID is not specified, a selection window appears containing linked databases to which the user has at least READ access.

• If the parameters Phys. File number or Phys. Database number are used to identify the file uniquely, a selection window may appear under certain circumstances. This window contains files and databases to which the user has at least READ access.

• If the user does not have access to any linked databases, he cannot execute the function and a corresponding message is given.

ADACMP / ADAWAN /ADAFDU Definitions

If parameter Input file ID is specified for this function, this file is checked for READ access, too.

ADAINV Definitions, ADASCR Definitions

The database specified with parameter Database ID is checked for READ access.

Adabas Tables/Views

If the default parameter Specification DB-ID forces the user to enter a database ID, either the specified database is checked or a selection window containing databases to which the user has at least READ access is displayed.

Adabas File

• If Database ID is specified, this database is checked for READ access.

• If Database ID is not specified or is specified incorrectly, an additional selection screen is displayed containing only databases to which the user has at least READ access.

• If the parameters Phys. File number or Phys. Database number are used to identify the file uniquely, a selection window may appear under certain circumstances. This window contains files and databases to which the user has at least READ access.

DDM

If the default parameter Specification DB-ID forces the user to enter a database ID, either the specified database is checked or a selection window containing databases to which the user has at least READ access is displayed.

• Database ID

  • If Database ID is specified, the READ access to this database is checked.

  • If an asterisk or invalid database ID is entered, an additional selection screen appears containing only databases to which the user has at least READ access.

  • If no valid database ID is entered and the default parameter Specification DB-ID forces the user to enter one, a selection window appears containing databases to which the user has at least READ access.

• Overwrite option

  • If Overwrite option is set to Y, the user needs MODIFY access to the external object type DD.

  • If Overwrite option is set to N, the user needs only ADD access to the external object type DD.

• Verification rules

  • If Generate or Replace list verif. rules is set to Y, only the READ access for the verification object is checked; access to the file linked to the verification is not checked.

  • If Generate verif. rules is set to Y, the user needs ADD access to external object type RU.

  • If Replace verif. rules is set to Y or S, the user needs MODIFY access to external object type RU.

  • If Generate/Replace or list verif. rules is set to Y, the user needs READ access to Predict object type VE.

  • If a processing rule cannot be generated for security reasons, the function Generate DDM terminates abnormally and an error message is given. The DDM can then be regenerated without the processing rule.

• IMS databases

  • If the Parameter Generate UDFs is set to Y, the user needs ADD access to the external object type UDF.

  • If the Parameter Replace modified UDFs is set to Y, the user needs MODIFY access for object type UDF.

  • If the DDM can only be generated with UDFs and the UDFs cannot be generated for security reasons, the DDM cannot be generated.

  • Access to files of type J is not checked, because only the ID of the I file can be entered.

Verification Rule

• With the function Replace verification rule, only the READ access to the verification object is checked; the access rights to the file object are not checked.

• The User must have ADD or MODIFY access to external object type verification rule.

UDF for IMS

A database ID must be entered for this function, and the user must have READ access to this database.

Transparency Table

The file specified under Related Adabas file ID is checked for READ access.

PUNCH

READ access to the external object and the file object in Predict is checked.