The Predict Security System controls access to a Predict environment using security definitions stored in a Natural Security file.
An individual environment can be defined for each user or group of users and protected against unauthorized access.
This document covers the following topics:
When a user logs on to a library, the Link ID is determined as follows:
If the user is linked directly to the library, the link ID is the same as the user ID.
If the user is linked to the library indirectly as member of a group, the link ID is the group ID.
See your Natural Security documentation for more information.
This file contains the security definitions used by the Predict Security System for protecting objects against unauthorized access.
In terms of Predict security, an instance of an external object type.
In terms of Predict security, an external object type is a class of objects to be protected. The following external object types are available for protecting Predict data:
PRD-Docu-Object
PRD-Ext-Object
PRD-Function
PRD-3GL-Library
Predict Security means the following:
the external object types in Natural Security, for example PRD-Docu-Object
the security profiles defined to limit access to instances of external object types.
A security definition in Natural Security.
Predict Security is realized with the Software AG product Natural Security. This product allows you to
define the persons who can process the protected objects
define the objects to be protected
Predict transfers the administrative functions listed above to Natural Security. A security object is a security definition valid for one of the following data types:
All object types
Documentation object types, either predefined or user-defined
Subtype of a predefined object type (for example file of type Adabas)
All objects of an object type or subtype
Range of documentation objects (for example all files that start with USER1)
Fully qualified documentation object (for example file USER1-FI-ADA2)
Retrieval Model
Association Type
Object Type
Implementation Plan
External object type (for example DDMs)
Entire group of functions, for example Special Functions
Individual functions, for example Special Function Reposition implementation data.
XRef data in all 3GL libraries
XRef data in a range of 3GL libraries
XRef data in a fully qualified 3GL library
When a Predict function is called, an internal Predict routine generates an Natural Security call. This call checks the security definitions in Natural Security for
the current link ID
the function the user wants to execute
the data the user wants to access.
The Security Check does not depend on whether Natural Security is installed. The Predict parameter Protect current Predict file in the General Defaults > Protection screen determines whether Predict Security is called. This parameter can be defined for each FDIC file.
The system checks whether the current user is authorized to logon to library SYSDIC.
If the user does not have the necessary access rights, the system behavior depends on the type of security conflict:
If the user does not have access to a function, the function is not executed and an error message appears.
If the user executes a retrieval function and does not have READ access to certain objects or object types, the system behavior depends on whether the retrieval function was implicitly or explicitly limited by attributes or restrictions:
Retrieval function not limited by restrictions or
attributes: Only the ID of the read-protected object with the remark
>>>protected<<<
is output.
Retrieval function limited by restrictions or attributes: Objects are suppressed completely.
See Retrieval.
If the user executes a function other than retrieval and has insufficient access to an object or object type, the function is not executed and an error message is given.
Example: User has MODIFY but no DELETE access to objects of type file. He cannot delete files.
For more information see the section Handling Protected Objects in Predict in this documentation.
With the command DISSEC, users can display their own individual security definitions that have been defined for them by the Security Administrator. This command can be entered in the command line from any point within Predict.
This command corresponds to the Special Function Maintain NSC Definitions > Display NSC Definitions. See Maintain NSC Definitions in the section Special Functions in the Predict Administration documentation.