ADABAS and NATURAL Security Options

Overview of Security Options

The ADABAS DBMS offers security options through both ADABAS and NATURAL. To protect your ADABAS data, you can use either form of security, or you can have both work together.

ADABAS Security Options

ADABAS provides a security facility to prevent unauthorized access to data stored in ADABAS files. Security is available through password protection and by maintaining data in enciphered form.

passwords

provide protection at the ADABAS file level, data field level, and data value level. These security options are defined with the SECURITY utility ADASCR and are stored in the ADABAS Security system file.

To access an ADABAS file protected by a password, you must provide the valid password. Each data field in an ADABAS file can be assigned up to fifteen levels of read and update security. A user password specifies the authority for the data field, and ADABAS automatically determines whether you are authorized to perform the requested operation. If the permission level of a password is equal to or greater than the permission level for the file that you are trying to access, access is granted. Any ADABAS file can be protected on individual data field values. In this case, the password specifies value restrictions on logical records to be selected, read, and updated.

cipher codes

are simple numeric codes that you can assign using the ADACMP utility when creating an ADABAS file. Ciphering renders data records unreadable when they are not displayed with an ADABAS program or utility. You must supply this cipher code in order to access the enciphered data.

Note: System information such as DDM and NATURAL SECURITY information is also stored in ADABAS files; they also can be password-protected or enciphered.

NATURAL Security Options

NATURAL provides an optional security system that controls the access and use of the NATURAL environment. You can restrict the use of whole application systems, individual programs and functions, and the access to DDMs.

Security is accomplished by defining objects and the relationships among these objects. There are three objects that you need to be familiar with when accessing data through NATURAL DDMs with the SAS/ACCESS interface: users, libraries, and files.

users

can be people, computers, or groups of either, with assigned identifiers. The user identifier identifies you to NATURAL SECURITY and controls user activity during a NATURAL session. The identifier is unique to NATURAL and can be up to eight characters long. Each user identifier can have an associated eight-character password.

libraries

contain sets of NATURAL source programs, object modules, or both that perform a particular function, with assigned identifiers. Stored in the library data are the ADABAS passwords or cipher codes to enable NATURAL programs to work with ADABAS Security. The library identifier identifies the library and the ADABAS file it is authorized to access to NATURAL SECURITY. The identifier is unique to NATURAL and can be up to eight characters long.

files

are the NATURAL DDMs based on ADABAS files.

Relationships, called Links, are defined among these objects. These links define which users can use a library and which files a library are accessible. The users, libraries, files, and links are all stored in the NATURAL Security system file, which can also be protected with an ADABAS password or cipher code since it is an ADABAS file. For example, one user identifier and library might be able to access a DDM for read only, while another user identifier and library might be able to read and update the same DDM.