Chapter Contents
Previous
Next
SAS/ACCESS Interface to ADABAS Software

Security Options

The ADABAS DBMS offers security options through both ADABAS and NATURAL. To protect your ADABAS data, you can use either form of security, or you can have both work together.

ADABAS Security Options

ADABAS provides a security facility to prevent unauthorized access to data stored in ADABAS files. Security is available through password protection and by maintaining data in enciphered form.
passwords provide protection at the ADABAS file level, data field level, and data value level. These security options are defined with the SECURITY utility ADASCR and are stored in the ADABAS SECURITY system file.

To access an ADABAS file protected by a password, you must provide the valid password. Each data field in an ADABAS file can be assigned up to fifteen levels of read and update security. A user password specifies the authority for the data field, and ADABAS automatically determines whether the user is authorized to perform the requested operation. If the permission level of a user's password is equal to or greater than the permission level for the file the user is trying to access, access is granted. Any ADABAS file can be protected on individual data field values. In this case, the password specifies value restrictions on logical records to be selected, read, and updated.

cipher codes are simple numeric codes that you can assign using the ADACMP utility when creating an ADABAS file. Ciphering renders data records unreadable when they are displayed with a non-ADABAS program or utility. You must supply this cipher code in order to access the enciphered data.

Note:   System information such as DDM and NATURAL SECURITY information is also stored in ADABAS files; they too can be password-protected or enciphered.  [cautionend]

NATURAL SECURITY

NATURAL provides an optional security system that controls the access and use of the NATURAL environment. You can restrict the use of whole application systems, individual programs and functions, and the access to DDMs.

Security is accomplished by defining objects and the relationships among these objects. There are three objects that you need to be familiar with when accessing data through NATURAL DDMs with the SAS/ACCESS interface: users, libraries, and files.
users can be people, terminals, or groups of either, with assigned identifiers. The user identifier identifies the user to NATURAL SECURITY and controls user activity during a NATURAL session. The identifier is unique to NATURAL and can be up to eight characters long. Each user identifier can have an associated eight-character password.
libraries contain sets of NATURAL source programs and/or object modules that perform a particular function, with assigned identifiers. Stored in the library data are the ADABAS passwords or cipher codes to allow NATURAL programs to work with ADABAS Security. The library identifier identifies the library and the ADABAS file it is authorized to access to NATURAL SECURITY. The identifier is unique to NATURAL and can be up to eight characters long.
files are the NATURAL DDMs based on ADABAS files.

Relationships, called LINKS, are defined among these objects. These links define which users are allowed to use a library and which files a library is allowed to access. The users, libraries, files, and links are all stored in the NATURAL SECURITY system file, which can also be protected with an ADABAS password or cipher code since it is an ADABAS file. For example, one user identifier and library may be able to access a DDM for read only, while another user identifier and library may be able to read and update the same DDM.


Chapter Contents
Previous
Next
Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.