Are there any plans to replace the ADASCR component entirely with the ADABAS SAF component? If so, when, and is there any documents I can review
I recall seeing a document some while back that gave the full picture of ADA SAF security replacing ADAESI which has been discontinued.
I searched for this document but unfortunately could not find it.
Ilan, ADASCR is the built-in ADABAS Security component, ADAESI / ADASAF are add-on products.
I haven’t heard about any plans to discontinue ADASCR.
Yes, I assumed they were talking about the product ADAESI since that is what is being replaced by ADASAF & not the ADASCR utility which as you say will still need even when using ADASAF.
The incorporation of ADASCR into Adabas SAF Security has been raised before. Here are the basics of that…
- Password and cipher
These can already be stored in RACF (or other external systems that allow it). This assumes that only one password and cipher exist for a file. This means password and cipher are not “carried across the wire” which is good from the tamperproofing perspective.
- ADASCR security by value (etc)
Like password/cipher this facility must be split into two parts. One part concerns the rules that govern it and the other is the internal logic to carry out the rules.
2.1 Internal logic for security by value (etc)
From a performance perspective it makes no sense to stall Adabas threads to check (through SAF) whether the user can see or not see a value. This would be a significant overhead.
2.2 Rules for security by value (etc)
It makes absolute sense for the rules to be defined in RACF (etc) and for those rules to be acquired by Adabas SAF Security at startup. This would not impede performance in any noticeable way and it would be entirely consistent with the password/cipher implementation.
I hope this helps to clarify.
My statement is: Adabas Security and Adabas SAF security are not comparable. For Adabas Security (ADASCR) Passwords are used and transferred, in ADASAF there are the security definitions user specific and are controlled via an external security system.
Adabas Security was the first security of Adabas but it is not planned to enhance this feature any more to adopt to new state-of-the-art security requirements, there are no plans to drop the support for it.
From my point of view a new security implementation should always use ADASAF and not start with ADASCR.
If you have already an established system it is your decision to renew it – this leads certainly to some capital investment, not only monetary but also from the organizational point of view and maybe adjustment of the applications. But it is nevertheless worth to think about this if you take the topic Security seriously,