Version 4.2.6 for Mainframes
 —  Natural Security  —

Natural Security In Batch Mode

This section covers the following topics:


General Information on Batch Mode

Before you use Natural Security in batch mode, you should be familiar with the general considerations concerning the use of Natural in batch mode as described in the Natural Operations documentation.

Please also observe the batch-mode particularities of the underlying operating system.

If you want to process a job in batch mode under Natural Security, the Natural system variable *DEVICE must set to "BATCH".

Top of page

Logon in Batch Mode

This section contains information on:

Logon Input Data in Batch Mode

When you use Natural Security in batch mode, the logon procedure is started automatically. Input for the LOGON command must be provided as follows:

On mainframes in delimiter mode (IM=D), and on all other platforms:

%* 
library-ID,user-ID,password

On mainframes in forms mode (IM=F):

library-ID user-ID
%*
password

In forms mode, the library-ID must be 8 bytes long; if it is less than 8 characters long, the remaining bytes must be filled with blanks.

The input mode on mainframes is set with the Natural profile parameter IM (which is described in the Natural Parameter Reference documentation).

The specification of "%*" will prevent the password from being printed.

If the logon procedure is to be initialized via dynamic parameters, the LOGON command must be specified with the profile parameter STACK as follows:

STACK=(LOGON library-ID user-ID password)

If no input data are specified for the LOGON command, the Natural batch session will be terminated.

Note:
Under Windows in batch mode, the map LOGONM1 instead of the dialog box GLOGONM1 is displayed as logon screen.

Password Change in Batch Mode

To change the password in batch mode, input for the LOGON command must be provided as follows:

On mainframes for delimiter mode (IM=D), and on all other platforms:

%*
library-ID,user-ID,password,new-password
%*
,,,new-password

On mainframes for forms mode (IM=F):

library-ID user-ID
%*
password new-password
%*
new-password

For forms mode, library-ID and password must be 8 bytes long; if they are shorter, the remaining bytes must be filled with blanks. The new-password in the last line must be preceded by 8 blanks.

Automatic Logon in Batch Mode

If you use automatic logon (Natural profile parameter AUTO=ON) in batch mode, the value of the Natural system variable *INIT-USER will be taken as user ID. By default, *INIT-USER in batch mode contains the name of the batch job under which the Natural session. A user profile for this batch job name must be defined in Natural Security. A logon with another user ID is not possible.

On mainframe computers under z/OS, the value of *INIT-USER is determined by the parameter USERID in the Natural z/OS batch interface. Depending on the setting of this parameter, this value can be supplied by the security access control block (ACEE) of the security package being used (for example, RACF or ACF2), or by the USER parameter in the job card.

Startup Transaction in Batch Mode

When you log on to a library in batch mode, the setting of the switch "Batch execution" in the library security profile determines whether the startup transaction specified in the library security profile will be executed or not. See Transactions (under Components of a Library Profile in the section Library Maintenance) for details.

Mailboxes in Batch Mode

When you log on in batch mode, it depends on the setting of the general option "Suppress mailboxes in batch mode" (as explained in in the section Administrator Services) whether mailboxes are displayed or not.

Top of page

Batch User Security Profiles

In addition to creating security profiles for users of types "A", "P", "M", "G" and "T", you can also create user security profiles of type "B" (for "batch"). They are created in the same way as other user security profiles (see Adding a New User in the section User Maintenance) You can then enter the user ID of such a batch user in the field "Batch User ID" of a user security profile.

Before a batch user ID can be entered in a user security profile, a security profile for this batch user ID must have been defined.

Several users may share the same batch user ID; that is, the same batch user ID can be entered in the security profiles of several users. Thus, the same conditions of use can apply to several users in batch mode, and these conditions have to be defined only once.

A batch user ID cannot be used for a logon in online mode.

In batch mode, a user logs on with his/her "normal" user ID and password. Natural Security will then use the batch user ID specified in the user's security profile, and the conditions of use defined for that batch user ID will apply.

If no batch user ID is specified in the user's security profile, the "Privileged Groups" specified in the user's security profile will be checked (in order of entry) for a batch user ID. If none of the Privileged Groups has a batch user ID either, the user's own user ID will be used.

A batch user profile cannot be linked directly to a library, it must be linked via a GROUP; that is, it must be contained in a GROUP, and the GROUP be linked to the library.

Top of page

Countersignatures in Batch Mode

Countersignatures cannot be processed in batch mode. This means that security profiles which require a countersignature for maintenance permission are excluded from batch-mode processing.

Top of page