This section covers the following topics:
Before you use Natural Security in batch mode, you should be familiar with the general considerations concerning the use of Natural in batch mode as described in the Natural Operations documentation.
Please also observe the batch-mode particularities of the underlying operating system.
If you want to process a job in batch mode under Natural Security, the Natural system
variable *DEVICE must be set to BATCH.
This section contains information on:
When you use Natural Security in batch mode, the logon procedure is started
automatically. Input for the LOGON command must be provided
as follows:
%* library-ID,user-ID,password
library-ID user-ID %* password
In forms mode, the library-ID must be 8 bytes long; if it is less than 8 characters long, the remaining bytes must be filled with blanks.
The input mode on z/OS is set with the Natural profile parameter IM (see Natural Parameter
Reference documentation).
The specification of %* prevents the password from being printed.
If the logon procedure is to be initialized via dynamic parameters, the
LOGON command must be specified with the profile parameter
STACK as follows:
STACK=(LOGON library-ID user-ID password)
If no input data are specified for the LOGON command, the
Natural batch session will be terminated.
Note:
Under Windows in batch mode, the map LOGONM1 instead of the dialog box
GLOGONM1 is displayed as logon screen.
To change the password in batch mode, input for the LOGON
command must be provided as follows:
%* library-ID,user-ID,password,new-password %* ,,,new-password
library-ID user-ID %* password new-password %* new-password
For forms mode, library-ID and password must be 8 bytes long; if they are shorter, the remaining bytes must be filled with blanks. The new-password in the last line must be preceded by 8 blanks.
If you use automatic logon (Natural profile parameter AUTO=ON) in batch
mode, the value of the Natural system variable *INIT-USER will be taken as
user ID. By default, *INIT-USER in batch mode contains the name of the
batch job under which the Natural session. A user security profile for this batch job
name must be defined in Natural Security. A logon with another user ID is not
possible.
On z/OS computers under z/OS, the value of *INIT-USER is determined by the parameter
USERID in the Natural z/OS batch interface. Depending on the setting of
this parameter, this value can be supplied by the security access control block (ACEE)
of the security package being used (for example, RACF or ACF2), or by the
USER parameter in the job card.
When you log on to a library in batch mode, the setting of the switch Batch execution in the library security profile determines whether the startup transaction specified in the library security profile will be executed or not. See Transactions (under Components of a Library Security Profile in the section Library Maintenance) for details.
When you log on in batch mode, it depends on the setting of the general option Suppress mailboxes in batch mode (see Administrator Services) whether mailboxes are displayed or not.
In addition to creating security profiles for users of types A,
P, M, G and T, you can also create
user security profiles of type B (for "batch"). They are created
in the same way as other user security profiles (see Adding a New User in the
section User Maintenance) You can then enter the user ID of such a
batch user in the field Batch User ID of a user security profile.
Before a batch user ID can be entered in a user security profile, a security profile for this batch user ID must have been defined.
Several users may share the same batch user ID; that is, the same batch user ID can be entered in the security profiles of several users. Thus, the same conditions of use can apply to several users in batch mode, and these conditions have to be defined only once.
A batch user ID cannot be used for a logon in online mode.
In batch mode, a user logs on with his/her "normal" user ID and password. Natural Security will then use the batch user ID specified in the user's security profile, and the conditions of use defined for that batch user ID will apply.
If no batch user ID is specified in the user's security profile, the Privileged Groups specified in the user's security profile will be checked (in order of entry) for a batch user ID. If none of the Privileged Groups has a batch user ID either, the user's own user ID will be used.
A batch user security profile cannot be linked directly to a library, it must be linked via a Group; that is, it must be contained in a Group, and the Group be linked to the library.
Countersignatures cannot be processed in batch mode. This means that security profiles which require a countersignature for maintenance permission are excluded from batch-mode processing.
