Skip to main content

SAP (Sybase) ASE/IQ Hosted Applications

Connector name

agtsybctscript

Connector type

Executable

Type (UI field value)

SAP (Sybase) ASE Database (Script)

Target system versions supported / tested

Bravura Security Fabric can manage passwords for accounts defined wholly inside an SAP ASE application table space using the scripted connector for SAP ASE (agtsybctscript).

The agtsybctscript connector uses the SAP ASE OpenClient software to bind to the SAP ASE database server and issues SQL commands that you provide in a script file.

Bravura Security Fabric can perform operations on applications that have an SAP ASE back-end database by connecting to the SAP ASE DBMS server using TDS, and either directly updating user records (for example, SQL UPDATE) or by calling stored procedures.

Connector status / support

Customer-Verified

Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system.

Installation / setup

You write a script file to define SQL commands used in the interaction between the agtsybctscript connector and the SAP ASE database. A sample script, agtsycbtcript.cfg is contained in the samples directory. No software is installed on the SAP ASE server.

The following Bravura Security Fabric operations are supported by this connector:

  • user verify password

  • user change password

  • get server information

  • administrator reset password

  • administrator reset+expire password

  • expire password

  • unexpire password

  • administrator verify password

  • verify+reset password

  • enable account

  • disable account

  • check account enabled

  • create account

  • delete account

  • expire account

  • check account expiry

  • unexpire account

  • lock account

  • unlock account

  • check account lock

  • add user to group

  • delete user from group

  • create group

  • delete group

  • add group to group

  • remove group from group

  • update attributes

  • list account attributes

  • List:

    • accounts

    • attributes

    • groups

    • members

    • computer objects

    • subscribers

    • update subscriber attributes/password

For a full list and explanation of each connector operation, see Connector operations.

This connector also supports custom operations, as defined in the configuration script .

See also

Bravura Security Fabric can also manage SAP ASE database-level accounts using the connector for SAP ASE (agtsybct). See SAP (Sybase) ASE/IQ Database for details.

Preparation

Before Bravura Security Fabric can manage application accounts in a SAP ASE database, you must:

  1. Install the client software.

  2. Define a connection.

  3. Configure a target system administrator.

  4. Create at least one template account to provision accounts for this target.

  5. Write a script to configure connector behavior

    Note

    The following instructions are for SAP (Sybase) Adaptive Server Enterprise Suite version 12.5.1. Details may vary depending on your version of the software.

Installing client software

Bravura Security Fabric communicates with the SAP ASE server via the TDS protocol. Before you can target SAP ASE, you must install the Adaptive Server Enterprise PC Client software (typical install) on the Bravura Security Fabric server.

The SAP ASE 15 or later supports the DB-lib and requires libsybdb.dll to be in the system path. The SAP ASE 12.5 or earlier supports the CT-lib and requires libsybcs.dll to be in the system path.

The SAP (Sybase) client version must be the same as the SAP ASE server to which it will connect.

Defining a connection

Using the Dsedit utility on the Bravura Security Fabric server, add a connection for each SAP ASE server you want to manage. To do this:

  1. Open the Dsedit utility. This program configures your client to connect to SAP ASE instances.

  2. Another window, titled Select Directory Service, may appear depending on your client. Select InterfacesDriver, then click OK.

  3. Select Server Object > Add from the toolbar.

  4. Enter a name for the SAP ASE server and then click OK. Remember this server name, as it will be used later by Bravura Security Fabric to target the server.

  5. Double click the Server Address for the server you just added. In the Network Address Attribute window, click Add.

  6. Select TCP and then type the address to the server in the format:

    <host name>,<portnumber>

    For example, type sybase-appssrv,5000 .

    Note

    It is recommended that the Bravura Security Fabric server be rebooted after the installation of the SAP (Sybase) client software. This is to ensure that the new SAP (Sybase) environment variables are properly recognized by IIS.

See your SAP ASE documentation for more information on configuring the SAP ASE client software.

Configuring a target system administrator

Bravura Security Fabric uses a designated account (for example, psadmin) on the SAP ASE target system to manage accounts passwords. The target system administrator require SAP ASE back end database privileges that grant execution of SQL commands used in the written script.

Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the SAP ASE target system to Bravura Security Fabric .

Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new application accounts in a SAP ASE database.

The steps required to create a template account depend on your application. Consult your systems administrator or application documentation for more information.

To learn how to create a template for SAP ASE database-level accounts, see Creating a template account .

Writing a script to configure connector behavior

You write a script file to define SQL commands used in the interaction between the agtsybctscript connector and the SAP ASE database. A sample script, agtsycbtcript . cfg is contained in the samples directory. Note that any sample script may need customizations in order to work with your system.

Learn about writing script files for SQL application connectors.

Targeting SAP (Sybase) ASE hosted applications

For each SAP ASE hosted application, add a target system (Manage the system > Resources > Target systems):

  • Type is SAP (Sybase) ASE Database (Script) .

  • Address uses:

    Server Host name or IP address

    Port Optional

    Version SAP (Sybase) ASE version number

    Script file The script file must be in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory and describes the SQL commands used in the interaction between the connector and the database.

    The SAP (Sybase) target system address syntax is as follows:

    {server=<server name>;script=<script name>;[port=<port number>;][version=<version number>;]}

  • Administrator ID and Password is the login ID and password for the target system administrator you configured earlier.

The full list of target system parameters is explained in Target system options .

Handling account attributes

In order for Bravura Security Fabric to manage attributes, you must first add the attributes to Bravura Security Fabric.

See Account attributes in the Bravura Security Fabric configuration documentation for more information.

In this section: