Adabas SAF Security Operations and Reporting (AAFCMD)

The AAFCMD tool provides operation and reporting functions for Adabas SAF Security v8.4.1 running in an Adabas nucleus, an Adabas Audit Server, an Adabas Event Replicator Server, or an Adabas System Coordinator daemon.

AAFCMD is invoked using Natural in batch mode.

Using AAFCMD in Batch Mode
Commands
Keywords
STATS Command
LIST Command
FILES Command
RESET Command
LOGOFF Command
RESTART Command
PARMS Command
FIXES Command
AAFCMD Summary

Note:
This documentation frequently refers to a “database” as being the target of AAFCMD requests. Please note that this can be an instance of an Adabas nucleus, an Adabas Audit Server, an Adabas Event Replicator Server, or an Adabas System Coordinator daemon.

Using AAFCMD in Batch Mode

In a batch Natural environment

use AAFCMD as the program name;
define the Natural printer CMPRT01;
execute the utility from the required SYSMXvrs library.

The syntax of the AAFCMD service commands is as follows:

command [keyword(s)]

Each line of input to the Natural batch program must contain at least a command and the DBID keyword. The DBID keyword must refer to a database running Adabas SAF Security version 8.4.1. Some commands require the use of additional keywords. All combinations are defined later in this section.

The commands and keywords can be entered in any order. Extra, unnecessary keywords are ignored and listed with a warning. In the event of missing keywords, the command is not executed and the missing keywords are listed.

Note:
Depending on the configuration parameter AAFCMD on the target DBID, the AAFCMD functions may be subject to a security check on the target to make sure the user ID has access to perform the desired function. Resource names are the same as when protecting SYSAAF Online Services using a System Coordinator daemon (except that a daemon is not required here, the checking is done on the target DBID). For more information, see Resource Names for ADASAF.

Commands

The following commands can be used:

`STATS`	Displays overview information about security activity in the selected database. If the optional `USERID` is specified, the command displays statistics for the specified SAF user ID.
`LIST`	Displays all SAF user IDs that are stored in the security server for the selected database.
`FILES`	Displays cached file information for the client session associated with a given SAF user ID in the selected database.
`RESET`	Reset statistics and discard cached authorizations for a given SAF user ID in the selected database.
`LOGOFF`	Log off a given SAF user ID from the security system in the selected database. All security information is discarded.
`RESTART`	Restart the security service in the selected database. All cached security information is discarded and the security service is restarted.
`PARMS`	Displays the security parameters currently in effect for the selected database.
`FIXES`	Displays the applied Adabas SAF Security fixes to the selected database.

Keywords

The following keywords are available:

Keyword	Description
`DBID`	Mandatory for all requests and actions. The database number of the database running Adabas SAF Security for which statistics or actions are required.
`USERID`	Optional. The SAF user ID in the selected database that is the subject of the action or query.
`NUCID`	Optional. For use when the target DBID is an Adabas Cluster Services or Adabas Parallel Services instance and a specific nucleus ID is required.

STATS Command

The STATS command provides statistics at the database or daemon security service level. It is the equivalent of SYSAAF Menu option 1, System Statistics. For more information about SYSAAF option 1, see System Statistics.

If used in conjunction with the USERID keyword, STATS provides functionality equivalent to SYSAAF Menu option 2, SAF User ID statistics, sub-function S (statistics). For more information about SYSAAF Menu option 2, see SAF User ID Statistics.

Example Syntax

COMMAND	EXPLANATION
`STATS DBID=12345`	Display security service level statistics for database 12345.
`STATS DBID=12345 USERID=USER1`	Display SAF user ID level statistics for USER1 on database 12345.

LIST Command

The LIST command displays all SAF user IDs currently active on a database. It is the equivalent of SYSAAF Menu option 2, SAF User ID statistics.

For more information about SYSAAF Menu option 2, see SAF User ID Statistics.

Example Syntax

COMMAND	EXPLANATION
`LIST DBID=12345`	Display all active SAF user IDs on database 12345.

FILES Command

The FILES command displays the internal communication ID for the Adabas client session, the Cross Level ID under which the client session is operating, the effectiveness of ADASAF's cache for this client session, and the cached files and access levels currently held for the selected database for the given SAF user ID.

A SAF user ID may have more than one cache entry, for example when accessing a database from different jobs.

It is the equivalent of SYSAAF Menu option 2, SAF User ID statistics, sub-function C (cached files). For more information, see SAF User ID Cached Files (for databases)

Example Syntax

COMMAND	EXPLANATION
`FILES DBID=12345 USERID=USER2`	Display all cached file information for USER2 on database 12345.

RESET Command

The RESET command resets a SAF user ID’s statistics and discards cached authorizations.

It is the equivalent of SYSAAF Menu option 2, SAF User ID statistics, sub-function R (reset).

Example Syntax

COMMAND	EXPLANATION
`RESET DBID=12345 USERID=USER3`	Reset statistics and discard cached authorizations for USER3 on database 12345.

LOGOFF Command

The LOGOFF command logs the SAF user ID off from the security system, completely discarding all security information.

It is the equivalent of SYSAAF Menu option 2, SAF User ID statistics, sub-function L (logoff).

Example Syntax

COMMAND	EXPLANATION
`LOGOFF DBID=12345 USERID=USER4`	Log USER4 completely off the security system on database 12345.

RESTART Command

The RESTART command restarts your security service in the specified nucleus or daemon. All cached security information is discarded and security operation is restarted.

It is the equivalent of SYSAAF Menu option 6, Server Restart. For more information about SYSAAF Menu option 6, see Server Restart

Example Syntax

COMMAND	EXPLANATION
`RESTART DBID=12345`	Restart the security service in database 12345.

PARMS Command

The PARMS command displays the System Parameters in effect for the security service.

It is the equivalent of SYSAAF Menu option 8, System Parameters. For more information about SYSAAF Menu option 8, see System Parameters

Example Syntax

COMMAND	EXPLANATION
`PARMS DBID=12345`	Display the System Parameters in effect for database 12345.

FIXES Command

The FIXES command displays the applied to the database Adabas SAF Security maintenance fixes.

It is the equivalent of SYSAAF Menu option 3, Fix Display. For more information about SYSAAF Menu option 3, see Fix Display

Example Syntax

COMMAND	EXPLANATION
`FIXES DBID=12345`	Display Adabas SAF Security fixes applied to database 12345.

AAFCMD Summary

The following table lists all AAFCMD command and keyword combinations, along with the Natural program that performs the function. Natural security can be applied as required.

Command	Keywords	Program
`STATS`	`DBID=`	`A15110P`
	`DBID= NUCID=`	`A15110P`
	`DBID= USERID=`	`A15110P`
	`DBID= USERID= NUCID=`	`A15110P`
`LIST`	`DBID=`	`A15200P`
`LIST`	`DBID= NUCID=`	`A15200P`
`FILES`	`DBID= USERID=`	`A15300P`
`FILES`	`DBID= USERID= NUCID=`	`A15300P`
`RESET`	`DBID= USERID=`	`A15400P`
`RESET`	`DBID= USERID= NUCID=`	`A15400P`
`LOGOFF`	`DBID= USERID=`	`A15500P`
`LOGOFF`	`DBID= USERID= NUCID=`	`A15500P`
`RESTART`	`DBID=`	`A15600P`
`RESTART`	`DBID= NUCID=`	`A15600P`
`PARMS`	`DBID=`	`A15700P`
`PARMS`	`DBID= NUCID=`	`A15700P`
`FIXES`	`DBID=`	`A15800P`
`FIXES`	`DBID= NUCID=`	`A15800P`