A user definition consists of an authorization table in which you can authorize access to functions for classes of Natural ISPF objects, as well as of default settings on user profiles (PF key assignments, short names for libraries, magic characters, Editor profile, user defaults). All characteristics of the user profile are modifiable by the user. Authorization tables are modifiable only by authorized users.
Natural ISPF allows for three different types of user definition:
Single users: You can create a separate definition for a specific user ID.
User groups: You can create a definition for a group of users. You can choose one of the following methods for associating user IDs with certain groups: Prefix Method, or Derivation from Natural Security. These are explained in the subsection User Group Definitions.
Default definition (user '*'): It is highly recommended to create a definition for the asterisk (*). This can be seen as a definition for a null prefix: users are assigned this definition if they log on with a user ID that is not specifically defined and for which there is neither a prefix definition nor a Natural Security group definition.
Note: Without a default definition (*), an undefined user ID to which no prefix definition applies is granted full authorization for the system.
In the case of the prefix method, a user is assigned the definition which most closely matches that user's ID. The following table illustrates how some example user IDs are assigned definitions:
Definition | Assigned to user ID: |
---|---|
* | U1 |
S* | S1 |
SY* | SY1 |
You can modify the default user definition, and add and modify single user and group (prefix) definitions at any time.
You can enter the user definition facility in either of two ways:
Select the USER option on the Administrator Menu to display the User Entry Panel. You can specify a function command in the command line and parameters in the input fields (see the following subsection).
You can access user definitions from any Natural ISPF screen using function command syntax. See the subsection Maintaining User Definitions with Function Commands.
You can create a definition for a group of users. By setting APPLYMOD 101 to an appropriate value you can select one of the following methods for associating user IDs with certain groups: the prefix method or derivation from Natural Security.
With the prefix method, a definition for a prefix applies for all user IDs matching that prefix, except for those users for which the corresponding profile item has been defined specifically. For example, the definition for the ID SAG* applies to all user IDs that start with SAG and have no unique definition.
The following flow diagram illustrates the internal handling for the prefix method when a user logs on:
Note: Without a default definition (*), an undefined user ID to which no prefix definition applies is granted full authorization for the system. When installing Natural ISPF and setting up the system, you must therefore define at least a default definition (*) to control access to the system (see the subsection Maintaining User Definitions).
With derivation from Natural Security, a definition made for an ID that has been defined as a user group in Natural Security will be used as a default definition that applies for all members of that group, except for those users for which the corresponding profile item has been explicitly defined.
If a user is a member of several groups, Natural ISPF will first search privileged groups in the specified order and then non-privileged groups in alphabetical order.
The following flow diagram illustrates the internal handling for the Natural Security (NSC) method when a user logs on:
Note: If a user is a member of more than 20 groups, only the first 20 will be evaluated in the above context.
If you select the USER option from the Administrator Menu, the User Entry Panel appears:
```
---------------------------- USER - ENTRY PANEL -------------------------------
COMMAND ===>

  User         ===> *
  Profile type ===>     ( A,K,L,C,E,D,B,Y,N,O)

Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      Help  Split End   Suspe Rfind Rchan Up    Down  Swap  Left  Right Curso
```
Meaning of the input fields:
Field | Meaning |
---|---|
User | User ID of user definition to be maintained. You can also enter the asterisk wildcard (*) to list all user definitions, or ABC* to list all definitions beginning with ABC. |
Profile type | |
Note: The Profile type field is not used as selection criterion for the LIST command. It is used to select sections of the user profile for EDIT, DELETE or COPY operations. The whole profile can be selected for COPY and DELETE operations by entering the asterisk wildcard (*) in this field.
The user authorization table (characteristic A) can only be modified by users authorized to access configuration functions. All other characteristics are modifiable by the user and are described in detail in the section Profile Maintenance in the Natural ISPF User's Guide. You can access them here to maintain the default settings.
Once you have entered the specified user definition, you can scroll the profile sections using the UP and DOWN commands (usually assigned to PF7 and PF8 respectively).
To access the user authorization table for a user profile, specify the profile name (user ID, group ID, prefix followed by the wildcard *, or wildcard * only) in the User field and A in the Profile type field. The authorization table for the specified definition appears, for example:
```
--------------------- EDIT USER BRY , Byrone, Rinaldi ------------------------
COMMAND ==>
  Authorization Class    Level        Main Menu ===>
  Natural programming    ==> 9
  PDS Maintenance        ==> 9
  Data Sets Maintenance  ==> 9      + --- COMMANDS LEVEL REMINDER ---- +
  SYSOUTS                ==> 9      ! Lvl  Command Abbreviation        !
  System info            ==> 9      ! ---  --------------------        !
  Active jobs            ==> 9      !  1 - L,B,ZP,XT,I,ET,DI,DF,RU,XE  !
  Operator commands      ==> 9      !      EX,OT,FR,DW,CR,BPSTAT       !
  NSPF Administrator     ==> 9      !  2 - E,R,SB,PL,PR,CP,A,CT,U,FL   !
  PANVALET               ==> 9      !      ST,CC,RL,HL,DS,UP           !
  LIBRARIAN              ==> 9      !  3 - D,PG,CH,NSPR,GENN           !
  USER defined           ==> 9      !  4 - CM,OPER                     !
                                    !                                  !
                                    !                                  !
                                    !                                  !
                                    +----------------------------------+
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      Help  Split End   Suspe Rfind Rchan Up    Down  Swap  Left  Right Curso
```
The above authorization table could be in place for user definitions in a z/OS environment that includes CA Panvalet.
Header
The header line contains the function (EDIT USER) and the user ID invoked.
Main Menu
The field labelled Main Menu contains the name of the menu displayed when the user logs on to Natural ISPF. The default menu is the Main Menu, MAIN (see the section Menu Maintenance).
Authorization class
The column headed Authorization Class contains a list of items that correspond to Natural ISPF objects and certain administration functions. The classes displayed correspond to the subsystem(s) installed at your site. For a list of possible classes, see Authorization Classes at the end of this documentation.
The extent to which the user is authorized for each class of objects is determined by the authorization level.
Authorization level
The column headed Level contains the numerical identifier of the level to which the user is authorized for the corresponding class of objects. An authorization level is a command or group of commands defined in the window headed Commands Level Reminder. Typing a level number against a class of objects authorizes the user to issue these commands for the class of objects. The lowest possible level is blank or 0 (zero) and means that the corresponding object option does not appear on the user's Main Menu. The highest possible level is 9 and includes all commands on Levels 1-9.
Command Level Reminder
This window tells you which commands belong to which level. The abbreviations correspond to the valid abbreviations of the respective commands as follows:
Level 1 Abbreviation | Function |
---|---|
L | LIST |
B | BROWSE |
ZP | ZAPS |
XT | EXTERNS |
I | INFORMATION |
ET | EXTENTS |
DI | DIFFERENCE |
DF | DEFINITION |
RU | RUN |
XE | EXECUTE |
EX | EXPORT |
OT | OUTPUT |
FR | FORMAT |
DW | DOWNLOAD |
CR | COMPARE |
BPSTAT | BPSTAT |
DEFB | DEFBS2PROF (BS2000 general defaults) |
DEFS | DEFSUBPROF (BS2000 submit defaults) |
Level 2 Abbreviation | Function |
---|---|
E | EDIT |
R | RENAME |
SB | SUBMIT |
PL | PLAY |
PR | PRINT |
CP | COPY |
A | ALLOCATE |
CT | CATALOG |
U | UNCATALOG |
FL | FOLLOW |
ST | STATUS |
CC | Condition codes |
RL | RELEASE |
HL | HOLD |
DS | DESCRIPTION |
UP | UPLOAD |
Level 3 Abbreviation | Function |
---|---|
D | DELETE |
PG | PURGE |
CH | CHANGE |
NSPR | Natural ISPF parameters |
GENN | Generate command processor |
Level 4 Abbreviation | Function |
---|---|
CM | COMPRESS |
OPER | Issue operator commands |
You can update an authorization by modifying the Main Menu name and/or modifying the authorization level for one or more classes.
For example, if you type 0 in the authorization level field for the Natural class, the user cannot access Natural objects; this option will not appear on his Main Menu when he logs on, and he cannot use direct commands for Natural objects.
If you type 1 in the authorization level field for the SYSOUT class, the user can perform browse functions on job SYSOUTs, but he cannot perform any other operations. Whether the JOBS option appears on that user's Main Menu depends on the system authorization level for the option (see the section Menu Maintenance).
If an option does not appear on the user's Main Menu but the user is authorized for some functions on the object type, he or she can use appropriate direct commands.
To save user authorizations, issue the END command (usually assigned to PF3) after having modified any value on the screen.
Below is an example of a default authorization table (*):
```
-------------------------------- EDIT USER * ----------------------------------
COMMAND ==>
  Authorization Class    Level        Main Menu ===> NULL
  Natural programming    ==>
  PDS Maintenance        ==>
  Data Sets Maintenance  ==>        + --- COMMANDS LEVEL REMINDER ---- +
  SYSOUTS                ==>        ! Lvl  Command Abbreviation        !
  System info            ==>        ! ---  --------------------        !
  Active jobs            ==>        !  1 - L,B,ZP,XT,I,ET,DI,DF,RU,XE  !
  Operator commands      ==>        !      EX,OT,FR,DW,CR,BPSTAT       !
  NSPF Administrator     ==>        !  2 - E,R,SB,PL,PR,CP,A,CT,U,FL   !
  PANVALET               ==>        !      ST,CC,RL,HL,DS,UP           !
  LIBRARIAN              ==>        !  3 - D,PG,CH,NSPR,GENN           !
  USER defined           ==>        !  4 - CM,OPER                     !
                                    !                                  !
                                    !                                  !
                                    !                                  !
                                    +----------------------------------+
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      Help  Split End   Suspe Rfind Rchan Up    Down  Swap  Left  Right Curso
```
Explanation: Since all authorization levels are blank (zeroes), undefined users who do not belong to a prefix group cannot execute any secured function, and they will be presented with menu NULL when they log on to Natural ISPF (see the section Menu Maintenance for an example of menu NULL).
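The prefix method and the authorization levels described above, modelled in Python as an added example (this is not Natural ISPF code). The function names and the sample definitions in `DEFS` are assumptions; only the authorization table is modelled, not the other profile sections or the Natural Security method.

```python
"""Model of Natural ISPF prefix-method resolution and level checks (added example)."""

# Command abbreviations per level, copied from the Commands Level Reminder window.
LEVEL_COMMANDS = {
    1: "L B ZP XT I ET DI DF RU XE EX OT FR DW CR BPSTAT".split(),
    2: "E R SB PL PR CP A CT U FL ST CC RL HL DS UP".split(),
    3: "D PG CH NSPR GENN".split(),
    4: "CM OPER".split(),
}
FULL = object()  # sentinel: no definition applied, so nothing restricts the user


def resolve(user_id, definitions):
    """Return (name, table) of the definition that most closely matches user_id."""
    if user_id in definitions:                       # single-user definition
        return user_id, definitions[user_id]
    prefixes = [d[:-1] for d in definitions if d.endswith("*")]
    matches = [p for p in prefixes if user_id.startswith(p)]
    if matches:                                      # longest prefix wins; "*" is the null prefix
        best = max(matches, key=len) + "*"
        return best, definitions[best]
    return None, FULL                                # no "*" defined: full authorization


def allowed(table, auth_class, abbreviation):
    """True if the table's level for auth_class includes the command abbreviation."""
    if table is FULL:
        return True
    level = table.get(auth_class) or 0               # blank and 0 both mean no access
    return any(abbreviation in cmds
               for lvl, cmds in LEVEL_COMMANDS.items() if lvl <= level)


def fail_open_ids(user_ids, definitions):
    """Audit helper: user IDs that would log on with no definition applied."""
    return [u for u in user_ids if resolve(u, definitions)[1] is FULL]


# Constructed sample definitions; class names follow the authorization table above.
DEFS = {
    "*":   {},                                       # default: all levels blank
    "S*":  {"SYSOUTS": 1},
    "SY*": {"SYSOUTS": 2, "Natural programming": 0},
    "BRY": {"SYSOUTS": 9, "Natural programming": 9},
}
```

Running `fail_open_ids` over the known user IDs after removing the `"*"` entry from `DEFS` shows which IDs would fall through to full authorization.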
Notes:
END command or by pressing PF3 without having modified any of the values on the screen, the authorization table of the individual user specified will not be updated. From this scenario, you cannot even be sure if the authorization table displayed has been defined for the user explicitly or if it has been inherited from a prefix definition or from a (Natural Security-based) user group definition. To be certain that a user has an individual authorization table, look at the list of Natural ISPF users: all users with an individual authorization table will be listed with Auth next to user ID and last access date.
Natural ISPF users are separate objects within Natural ISPF with object type USR. This means that you (and other authorized users) can maintain user definitions with function command syntax entered from any system screen.
The available function commands are:
Command | Object Parameter Syntax |
---|---|
LIST | user-id |
EDIT | user-id TYPE=t |
DELETE | user-id TYPE=t |
COPY | user-id TYPE=t,target-user-id,REP |
Parameter | Function |
---|---|
user-id | Can be a specific user ID, a prefix notation or the default definition (*). |
t | |
target-user-id | New user definition to be created or replaced. |
REP | Specify to replace target definition, if it already exists. |
Notes:
USR after the command keyword.
The following examples are provided below:
The command:
EDIT USR SAG* TYPE=K
displays the PF key table assigned to all users with prefix SAG. You can modify this table. The update is performed every time you press the ENTER key, provided the screen contains valid update data. You can leave the screen with the command END (usually assigned to PF3).
The command:
DELETE USR *
deletes the default definition (*). Note that without a default definition, any undefined user for whom there is no prefix definition receives full authorization at logon.
The command:
COPY USR MBE TYPE=Y
can be used to copy the layout definition of object lists from one user to another. The following window opens:
```
+---------------------------------------------------+
!                                                   !
!   Copy User MBE       Section: LAYOUT             !
!   to User                                         !
!   Replace  NO                                     !
!   Enter to perform , PF3 to exit                  !
+---------------------------------------------------+
```
Enter the user ID of the recipient user in the to User input field to copy the layout definitions from user MBE. All list layouts defined by user MBE are copied. For details on list layout, see the section LAYOUT Command for Lists in the section Useful Features of the Natural ISPF User's Guide.
The command:
LIST USR *
lists all Natural ISPF users, for example:
```
LIST-USR:* -------------------------------------- Row 0 of 15 - Columns 010 076
COMMAND===>                                                    SCROLL===> CSR
   USER     DATE     DEFINED CHARACTERISTICS
** ******************************** top of list *******************************
   *        *Edited  Auth,Edit,Default,Char,
   BRY      94/12/13 Auth,Edit,Key,Natural,
   GW       94/12/08
   HHH               Edit,
   JWO      94/12/13 Auth,Edit,Default,Char,Key,Color,Natural,Lib,
   JWOAB             Default,
   MAK      94/11/12 Default,Key,
   MSE      94/12/09
   MZC      94/12/13 Auth,Edit,Default,Char,Key,Layout,Natural,Lib,
   MZCC     94/10/27 Auth,Edit,Default,Char,Key,Lib,
   SML      94/12/09
   UHE      94/10/11 Auth,
   WHE      94/10/17
   WKK      94/12/01
   WOS      94/11/23
** ****************************** bottom of list ******************************
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      Help  Split End   Suspe Rfind Rchan Up    Down  Swap  Left  Right Curso
```
The list contains all users who have logged on Natural ISPF, as well as all defined user definitions (authorization tables and profile sections).
Meaning of the column headings:
Column | Meaning |
---|---|
USER | User ID, user prefix or *. Each user appears in the list after first logon. |
DATE | Date the user logged on to Natural ISPF last. |
DEFINED CHARACTERISTICS | |
A user characteristic attains defined status when you create or modify it for the user ID, or when a user modifies any characteristic in his or her user profile while working with Natural ISPF.
You can select any user or definition from the list with the E (EDIT), CP (COPY) or D (DELETE) line command entered in the input field preceding the user ID. The EDIT option allows you to modify the user's command authorization table as described above, and any profile setting as described in the section Profile Maintenance in the Natural ISPF User's Guide.