Security for non-web (Natural) application

We want to prevent unauthorised persons from accessing the Tamino database. I understand that if the db is called mydb and I set up a group with the name mydb, then unauthorised users will be part of that group. I have added an ACL that restricts access to the collection and connected it to group mydb. This works fine. Now my problem is: I have a Natural application accessing mydb. How do I code the _process statement with a user id that will allow access to mydb? Obviously the user id is defined to a group that has an ACL with ‘full’ rights.

Hallo Priscilla,

First a few words to the default group (in your case the mydb group). This group contains all users. Like with all other groups you can define access rights and authorise or unauthorise the users of this group (which are all users) to do something or nothing with a resource. What I try to say is that the default group will not be unauthorised in each case.

The following example from the Natural 5.1.1 online help shows how to send user-id and password via the REQUEST DOCUMENT statement:

USER #User PASSWORD #Password
PAGE #Resultxml

For more information please refer to the online help or the Natural example programs in the Natural libraries/Natural programs:

hope it helps
regards Eckehard

Thanks for showing me a piece of the puzzle - I confess the last place I thought of looking was in the documentation of the REQUEST DOCUMENT. The other piece of the puzzle I have now found in the ‘Security’ discussion list - my apologies for putting this question in the wrong place. There I found the instructions on how to set up authorization in Apache.