As explained in the section Natural Security On Different Platforms, the protection of DDMs with Natural Security is different on mainframe computers from that on other platforms. This section describes how to control the use of DDMs (files) on mainframe computers. The control of DDMs on other platforms is described in the section Protecting DDMs On Linux And Windows.
This section covers the following topics:
In Natural Security on mainframe computers, DDMs are called "files". To define DDMs to Natural Security, you use the File Maintenance functions of Natural Security.
A DDM must have been generated (in Predict, or with the Natural utility SYSDDM), before it can be defined as a file to Natural Security.
The following type of screen is the "basic" file security profile screen, which is displayed when you invoke one of the functions Add, Copy, Modify, Display for a file security profile:
10:25:36 *** Natural Security *** 2022-09-09 - Modify File - File ID .. EMPLOYEES Modified .. 2022-09-09 by SAG DBID ..... 10 FNR ...... 16 Status ... PUBL (PUBL, ACCE, PRIV) -- DDM Modifiers -- ________ _ ________ _ ________ _ ________ _ ________ _ ________ _ ________ _ ________ _ Additional Options ... N Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12--- Help PrevM Exit AddOp Flip Canc |
The individual items you may define as part of a file security profile are explained below.
Field | Explanation |
---|---|
File ID (display only) | The ID by which the file is defined to Natural Security
and for which a DDM exists in the Natural system file.
The file ID by which a file is defined to Natural Security must be identical to that of the DDM. A file ID may be up to 32 characters long and must be unique among all file IDs defined to Natural Security. |
DBID / FNR (display only) | The database ID and file number of the database file referenced by the DDM. These values are taken from the DDM and written into the security profile. |
Status | You may set the file status to one of the
following:
When you create a file security profile, the file status
will, by default, be set to |
DDM Modifiers | You may enter up to eight IDs of users; only these users
will then be allowed to maintain the DDM in Predict (or with Natural's SYSDDM
utility). If you do not specify any DDM modifier, the owners of the security
profile (see Additional
Options below) may maintain the DDM. If neither DDM
modifiers nor owners are specified, maintenance of the DDM is not restricted.
Next to the ID of each DDM modifier, you may optionally specify a number from 1 to 3; this number determines how many of the other DDM modifiers specified must countersign for maintenance permission (the countersignature logic which applies to DDM maintenance permission is analogous to that of owners and co-owners as described in the section Countersignatures). |
The file status of a file may be one of the following:
PUBL |
PUBLIC: The file is not protected. It may be read and updated by any library. |
---|---|
ACCE |
ACCESS: The file is protected as far as update is concerned. It may be read by any library. However, it may be updated only by libraries that have been linked to the file. |
PRIV |
PRIVATE: The file is protected. It may be accessed only by libraries that are linked to it. A link to a PRIVATE file may be specified as "read"(that is, read only) or "update" (which implies read). |
The check whether a program may use a file is done when the program is compiled.
The following diagram illustrates the possible relationships between libraries and files in dependence of the file type:
To allow a library access to a file with status PRIVATE or ACCESS, a link has to be established between the library and the file. For information on how to link libraries to files, see Linking Libraries to Files below.
If you mark the field Additional Options on the basic security profile screen with "Y", a window will be displayed from which you can select the following options:
Maintenance Information
Security Notes
Owners
The options for which something has already been specified or defined are marked with a plus sign (+).
You can select one or more items from the window by marking them with any character. For each item selected, an additional window will be displayed:
Additional Option | Explanation |
---|---|
Maintenance Information (display only) | The following information is displayed:
|
Security Notes | You may enter your notes on the security profile. |
Owners | You may enter up to eight IDs of administrators. Only
the administrators specified here will be allowed to maintain this file
security profile or link libraries to it. If no owner is specified, any user of
type "Administrator" may maintain and link the security profile.
For each owner, the number of co-owners whose countersignatures will be required for maintenance/link permission may optionally be specified in the field after the ID. For an explanation of owners and co-owners, see the section Countersignatures . |
This section describes the functions used to create and maintain file profiles. It covers the following topics:
To invoke file maintenance:
On the Main Menu, select Maintenance.
A window will be displayed.
In the window, mark the object type File with a character or with the cursor.
The File Maintenance selection list will be displayed.
From this selection list, you invoke all file maintenance functions as described below.
When you invoke File Maintenance, a list of all files that have been defined to Natural Security will be displayed.
If you do not want a list of all existing files but would like only certain files to be listed, you may use the Start Value and Type/Status options as described in the section Finding Your Way In Natural Security.
On the Main Menu, select Maintenance. A window will be displayed.
In the window, mark the object type File with a character or with the cursor (and, if desired, type in a start value and/or file status). The File Maintenance selection list will be displayed:
12:50:20 *** Natural Security *** 2022-09-09 - File Maintenance - Co File ID Status Message __ ________________________________ ______ _____________________ __ ANGLOFILE PUBL __ AUTOMOBILES PUBL __ CLIENTES PUBL __ DELINCUENTES PUBL __ EMPLEADOS PUBL __ FAHRZEUGE PRIV __ FINANCE PUBL __ IMPUESTOS PUBL __ INVOICE PUBL __ MITARBEITER PUBL __ NAILFILE PUBL __ NEWFILE PUBL __ OLDFILE PUBL __ OTRASCOSAS PUBL __ PRO-FILE PUBL Command ===> Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12--- Help Exit Flip - + Canc |
For each file, the file ID and file status are displayed.
The list can be scrolled as described in the section Finding Your Way In Natural Security.
If you wish to list only DDMs of a specific status, you can specify one of the following selection criteria in the Status field above the list:
PUBL |
All DDMs of status PUBLIC. |
---|---|
ACCE |
All DDMs of status ACCESS. |
PRIV |
All DDMs of status PRIVATE. |
DEFI |
Defined; that is, all DDMs of status
PRIV , ACCE , and PUBL (*).
|
UNDF |
Undefined; that is, all DDMs whose status is not
PRIV , ACCE or PUBL (*).
|
DDM |
All defined and undefined DDMs (*). |
NDDM |
DDM security profiles for which no corresponding DDMs exist (*). |
* This is not an actual DDM status, but for selection purposes only.
The default status for selection is DDM
; that is,
all DDMs will be listed.
The following file maintenance functions are available (possible code abbreviations are underlined):
Code | Function |
---|---|
AD |
Add file |
CO |
Copy file |
MO |
Modify file |
DE
|
Delete file |
DI |
Display file |
LL
|
Link libraries to file |
To invoke a specific function for a file, mark the file with the appropriate function code in column Co.
You may select various files for various functions at the same time; that is, you can mark several files on the screen with a function code. For each file marked, the appropriate processing screen will be displayed. You may then perform for one file after another the selected functions.
This function is used to define DDMs to Natural Security, that is, create new file security profiles.
To do so:
On the Main Menu, select Maintenance.
A window will be displayed.
In the window, mark object type File
with a character, and enter UNDF
in the
Type/Status field (and, if desired, enter a start
value).
The File Maintenance selection list will be displayed, listing all files with file status "Undefined" (that is, all DDMs that have been generated but not yet been defined to Natural Security).
The list can be scrolled as described in the section Finding Your Way In Natural Security.
On the File Maintenance selection list,
mark the DDM for which you wish to create a file security profile with function
code AD
.
The Add File screen will be displayed.
The individual items you may define on this screen and any additional windows that may be part of a file security profile are described under Components of a File Profile.
When you add a file, the owners specified in your own user security profile are automatically copied into the file security profile.
This function is used to define a new file to Natural Security by creating a security profile which is identical to an already existing file security profile.
All components of the existing security profile will be copied into the new file security profile - except:
the file number and database ID (these are taken from the DDM),
the owners (these will be copied from your own user security profile into the new file security profile).
Whether any links are copied depends on whether you choose to copy with or without links (see below).
On the File Maintenance selection list,
mark the file whose security profile you wish to duplicate with function code
CO
.
A window will be displayed in which you specify the following:
Field | Explanation |
---|---|
To file | Enter the ID of the "new" file. |
With links | Enter "Y" or "N". With this option, you can, in addition to the file profile, also copy its links; see Copying With Links below. |
The Copy File screen will be displayed, showing the new security profile.
Its components you may define are described under Components of a File Profile.
If you select With Links = N, any links of libraries to the existing file will not apply to the new file.
If you select With Links = Y, any links of libraries to the existing file are copied for the new file, and you have the option to cancel the links you wish not to apply for the new file. The procedure is as follows:
Once you have made any changes to the copied file profile and then leave the Copy File screen by pressing PF3, a list of libraries is displayed: it contains all libraries linked to the existing file.
On the list, you may mark individual libraries with
CL
to cancel any links you wish not to apply for the new
file. All libraries you do not mark will automatically be linked to the new
file in the same manner - read or update link - as the existing file.
This function is used to change an existing file security profile.
To do so:
On the File Maintenance selection list,
mark the file whose security profile you wish to change with function code
MO
.
The security profile of the selected file will be displayed.
Its components which you may define or modify are described under Components of a File Profile.
This function is used to delete an existing file security profile.
To do so:
On the File Maintenance selection list,
mark the file you wish to delete with function code DE
.
The Delete File window will be displayed.
If you decide against deleting the file security profile, leave the window by pressing ENTER without having typed in anything.
To delete the file security profile, enter the file's ID in the window to confirm the deletion.
When you delete a file, all existing links to the file will also be deleted.
When you delete a file security profile, the DDM itself will not be deleted. The file ID will remain in the File Maintenance selection list with the file status set to "Undefined".
If a DDM is uncataloged in SYSDDM, deleted with SYSMAIN, or
scratched in SYSDIC
(Predict), the corresponding Natural Security
file profile will automatically be deleted.
If you mark more than one file with DE
, a window will
be displayed in which you are asked whether you wish to confirm the deletion of
each file security profile by entering the file's ID, or whether all files
selected for deletion are to be deleted without this individual confirmation.
Be careful not to delete a file accidentally.
This function is used to display an existing file security profile.
To do so:
On the File Maintenance selection list,
mark the file whose security profile you wish to view with function code
DI
.
The security profile of the selected file will be displayed. Its components are described under Components of a File Profile.
To allow a library access to a file, a link has to be established between the library and the file.
Two functions are available to establish and maintain these links:
a Library Maintenance function to link one library to one or more files,
a File Maintenance function to link one or more libraries to one file.
Both functions are described below. Possible link types are summarized at the end of this section.
For information on links to private-mode libraries, see Private-Mode Libraries in the section Protecting the Natural Development Environment in Eclipse.
The Library Maintenance function "Link Library to Files" displays a list of files with file status ACCESS and PRIVATE. On the list you mark the files to which you wish to link the given library.
To do so:
On the Library Maintenance selection
list, mark the library you wish to link with function code LF
.
A window will be displayed, providing the following options:
Start value - You can enter a start value (as described in the section Finding Your Way in Natural Security) for the list of files to be displayed.
Selection criterion - N = none: all files will be listed; L = linked: only files to which the library is already linked will be listed; U = unlinked: only files to which the library is not yet linked will be listed.
Then the Link Library To Files selection list will be displayed, showing the list of files.
The list can be scrolled as described in the section Finding Your Way In Natural Security.
In the Co column, you may mark each file with one of the following function codes (possible code abbreviations are underlined):
Code | Function |
---|---|
RE
|
Read-Link - The library thus linked may only read the file, but not update it. |
UP
|
Update-Link - The library thus linked may read and update the file. |
CL
|
Cancel - An existing link will be cancelled. |
DI |
Display File - The file security profile will be displayed. |
You can mark one or more files with a function code.
For each file marked, the selected functions will be executed one after another. When processing is completed, a message will be displayed stating the link situation now in effect between the library and each file.
The File Maintenance function "Link Libraries to File" displays a list of libraries that have been defined to Natural Security. On the list you mark the libraries you wish to be linked to the given file.
To do so:
On the File Maintenance selection
list, mark the file to which you wish to link libraries with function code
LL
.
A window will be displayed, providing the following options:
Start value - You can enter a start value (as described in the section Finding Your Way in Natural Security) for the list of libraries to be displayed.
Libraries/Private libraries - L = the list will include either all libraries including private ones (if private libraries are used in public mode) or all libraries except private ones (if private libraries are used in private mode); U = the list will include only users' private libraries.
Selection criterion - N = none: all libraries will be listed; L = linked: only libraries which are already linked to the file will be listed; U = unlinked: only libraries which are not yet linked to the file will be listed.
Then the Link Libraries To File selection list will be displayed, showing the list of libraries.
The list can be scrolled as described in the section Finding Your Way In Natural Security.
In the Co column, you may mark each library with one of the following function codes (possible code abbreviations are underlined):
Code | Function |
---|---|
RE
|
Read-Link - The library thus linked may only read the file, but not update it. |
UP
|
Update-Link - The library thus linked may read and update the file. |
CL
|
Cancel - An existing link will be cancelled. |
DI |
Display Library - The library security profile will be displayed. |
You can mark one or more libraries with a function code.
For each library marked, the selected functions will be executed one after another. When processing is completed, a message will be displayed stating the link situation now in effect between the file and each library.
A link can only be established to a PRIVATE or ACCESS file. No link is required to read or update a PUBLIC file.
A link to a PRIVATE file can be specified as read-link
(RE
) or update-link (UP
).
A link to an ACCESS file can only be specified as update-link
(UP
); no link is required to read an ACCESS file.
The following figure shows all possible link types: