バージョン 4.2.5
 —  Natural Security  —

Protecting Libraries

This section describes how to control the access of users to protected libraries. It covers the following topics:


Protected Libraries

A library may be protected by specifying the values of "People-protected" and "Terminal-protected" in the General Options column of the library's security profile.

Protection Combinations

The possible combinations of "People-protected" and "Terminal-protected" are listed below:

Protection Explanation
People: N
Terminal: N
The library is not protected. It may be used by any person from any terminal. The terminal need not be defined to Natural Security. The user must be defined to Natural Security. The user ID must be entered on the logon screen in order to be able to log on to the library.
People: L
Terminal: N

This is identical to the above combination - with the following addition: Although the library is not protected, it is possible to link a group to the library. Only one group can be linked to the library, and the link must be a special link. This special link only applies to users of type "A" contained in the group. This feature is only intended to allow administrators different access to an unprotected library for maintenance purposes. (The special link to such a library can only be established via the function "Link users to library" which is invoked from the Library Maintenance selection list.)

注意:
When an administrator processes the library's contents with a Natural utility under a condition under which the Utilities option in the library profile would apply, Natural Security will react as if this option were set to "N".

People: Y
Terminal: N
The library may be used only by persons who are linked to the library or are in a group that is linked to the library. It may be used from any terminal. The terminal need not be defined to Natural Security. The user (and the group if need be) must be defined to Natural Security. The user ID must be entered on the logon screen in order to be able to log on to the library.
People: N
Terminal: Y
The library may be used by any person, but it may only be used from a terminal which is defined to Natural Security and is contained in a group which is linked to the library. No user ID is required on the logon screen to log on to the library.
People: Y
Terminal: Y
The library may be used either by people linked to the library or from a terminal which is contained in a group which is linked to the library. In other words, by entering his or her user ID on the logon screen, a linked person may use the library from any terminal; people who are not linked to the library may only use the library from a linked terminal.
People: Y
Terminal: A
The library may be used only by people from linked terminals: The person must be defined to Natural Security and must be in a group which is linked to the library (or may be linked directly, if user type "A" or "P"); the terminal must also be defined to Natural Security, and it must be contained in a group which is linked to the library. The user ID and library ID must be entered on the logon screen in order to be able to log on to the library.
People: P
Terminal: N
This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: N" (see above).
People: P
Terminal: Y
This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: Y" (see above).
People: P
Terminal: A
This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: A" (see above).
People: N
Terminal: A
This combination is not possible!
People: L
Terminal: Y
This combination is not possible!
People: L
Terminal: A
This combination is not possible!

Changing a Protection Combination

Please take care when you alter an existing combination of "People-protected" and "Terminal-protected". If the alteration results in a "lower" protection level, certain links will automatically be cancelled by Natural Security according to the following rules:

Change from to Effect on Links
any protection combination People: N
Terminal: N
All existing links to the library will be cancelled.
any protection combination People: N
Terminal: Y
All direct links of ADMINISTRATORs and PERSONs will be cancelled; links of GROUPs to the library will remain.
any protection combination People: Y
Terminal: N
No links will be cancelled.
any protection combination People: Y
Terminal: Y
No links will be cancelled.
People:    N
Terminal: Y
People: Y
Terminal: Y
No links will be cancelled. However, all people contained in GROUPs which are linked to the library may now also log on the library!

Protecting a Private Library

The user with the same user ID as the library ID always has access to his/her private library.

In public mode, other users' access to someone's private library is determined by the settings of the fields "People-protected" and "Terminal-protected" in the security profile of the private library. Possible values for the field "People-protected" are "P" (which is the default value, and which corresponds to "Y" in other library profiles) and "N" (which is the same as in other library profiles). Possible values for the field "Terminal-protected" are the same as for other libraries (Y, N or A). The possible protection combinations are described above.

In private mode, no other user has access to someone else's private library.

Top of page

Linking Users to Libraries

To allow a user access to a protected library, a link has to be established between the user and the library.

Only users of types ADMINISTRATOR, PERSON, and GROUP can be linked to a library.

Users of types ADMINISTRATOR and PERSON can be linked to a library either directly or via a GROUP.

Users of types MEMBER and TERMINAL can be linked to a library only via a GROUP; that is, they must be assigned to a GROUP, and the GROUP be linked to the library.

Two functions are available to establish and maintain links between users and libraries:

Both functions are described below.

Linking a Single User to Libraries

The function "Link user to libraries" is used to link one user to one or more libraries.

On the User Maintenance selection list, you mark the user you wish to link with function code "LL".

A window will be displayed, providing the following options:

Then, the Link User To Libraries selection list will be displayed, showing the list of libraries.

The list includes all protected libraries; that is, if you link a user of type PERSON or ADMINISTRATOR, the list includes all libraries with "People-protected" set to "Y"; if you link a user of type GROUP, the list includes all libraries with at least one of the two protection values set to "Y".

The list can be scrolled as described in the section Finding Your Way in Natural Security.

On the list, you mark the libraries to which you wish to link the given user.

In the "Co" column, you may mark each library with one of the following function codes (possible code abbreviations are underlined):

Code Function
LK  

Link - The user may use the library with the security profile of the library being in effect.

SL  

Special Link - The user may use the library with a special security profile to be defined for the link; the link profile will take precedence over the library profile. For details on special links, see Special Links below.

CL  

Cancel - An existing link or special link will be cancelled.

TL  

Temporarily Locked - An existing link or special link will be suspended until it is re-establishd. A suspended link or special link can be re-established by marking the library concerned with "LK" or "SL" again. When a special link is re-established, the original link security profile will be re-established, too.

DL  

Display Special Link - The security profile of an existing special link between the user and the library will be displayed.

DI

Display Library - The security profile of the library will be displayed.

LD  

Modify DDM Restrictions in Special Link Profile
(This function is not available on mainframe computers. It corresponds to function "MD" as described under Creating And Maintaining DDM Profiles in the section Protecting DDMs On UNIX, OpenVMS and Windows).

You can mark one or more libraries on the screen with a function code. For each library marked, the selected functions will then be executed one after another. When processing is completed, a message will be displayed stating the link situation now in effect for each library.

Linking Multiple Users to a Library

The function "Link user to libraries" is used to link one or more users to one library.

On the Library Maintenance selection list, you mark the library to which you wish to link users with code "LU".

A window will be displayed, providing the following options:

Then, the Link Users To Library selection list will be displayed, showing the list of users.

The list includes all users of types GROUP, ADMINISTRATOR, and PERSON.

The list can be scrolled as described in the section Finding Your Way in Natural Security.

On the list, you mark the users you wish to be linked to the given library.

In the "Co" column, you may mark each user with one of the following function codes (possible code abbreviations are underlined):

Code Function
LK  

Link - The user may use the library with the security profile defined for the library being in effect.

SL  

Special Link - The user may use the library with a special security profile to be defined for the link; the link profile will take precedence over the library profile. For details on special links, see Special Links below.

CL  

Cancel - An existing link or special link will be cancelled.

TL  

Temporarily Locked - An existing link or special link will be suspended until it is re-establishd. A suspended link or special link can be re-established by marking the user concerned with "LK" or "SL" again. When a special link is re-established, the original link security profile will be re-established, too.

DL  

Display Special Link - The security profile of an existing special lik between the user and the library will be displayed.

DI

Display User - The security profile of the user will be displayed.

LD

Modify DDM Restrictions in Special Link Profile
(This function is not available on mainframe computers. It corresponds to function "MD" as described under Creating And Maintaining DDM Profiles in the section Protecting DDMs On UNIX, OpenVMS And Windows).

You can mark one or more users on the screen with a function code. For each user marked, the selected functions will then be executed one after another. When processing is completed, a message will be displayed stating the link situation now in effect for each user.

Special Links

If a library security profile determines the conditions under which the library may be used generally, the special link security profile determines the conditions under which the user (or group of users) thus linked may use the library. This means that by using special links you may define for different users different conditions of use of the same library.

Creating a Special Link

If you mark a user/library with "SL", you may define the security profile for this Special Link on the screens which will be displayed. The default settings which will appear on the Special Link security profile screens are taken from the security profile of the library.

The items you may define as part of a Special Link security profile correspond with the items you may define as part of a library security profile (see Components of a Library Profile in the section Library Maintenance).

Modifying a Special Link

To modify an existing Special Link security profile, mark the respective user/library with "SL" again on the Link Users To Library or Link User To Libraries screen: the Special Link security profile screen will then be invoked for modification.

Displaying a Special Link

To view the security profile of a Special Link, mark the respective user/library with "DL" on the Link Users To Library or Link User To Libraries screen: the Special Link security profile screen will then be displayed.

Top of page

Which Conditions of Use are in Effect?

When a user logs on to a protected library, Natural Security will execute a number of checks to determine under which conditions the user may use the library. If none of the checks are positive, the logon will be rejected.

The following checks will be executed in the following order:

Library Protection Checks Performed
1.
People: Y
Terminal: N

First: Check whether the user is linked directly to the library; if the user is linked with a special link, the conditions defined in the special link security profile will be in effect; if the user is linked with an ordinary link, the conditions defined in the library security profile will be in effect.

Second: Check whether the user is in a group which is linked to the library; if the user is contained in more than one group, these groups will be checked in the following order: first the "privileged groups" in the user's security profile will be checked in order of entry, then the other groups will be checked in alphabetical order; the first linked group found will be selected; if the group is linked with a special link, the conditions defined in the special link security profile will be in effect; if the group is linked with an ordinary link, the conditions defined in the library security profile will be in effect.

2.
People: N
Terminal: Y

Check whether the terminal is in a group which is linked to the library; if the terminal is contained in more than one group, these groups will be checked in the following order: first the "privileged groups" in the terminal's security profile will be checked in order of entry, then the other groups will be checked in alphabetical order; the first linked group found will be selected; if that group is linked with a special link, the conditions defined in the special link security profile will be in effect; if that group is linked with an ordinary link, the conditions defined in the library security profiles will be in effect.

3.
People: Y
Terminal: Y

If the user logs on with a user ID, the same checks as under 1. will be executed.

If the user logs on without specifying a user ID, the same checks as under 2. will be executed.

4.
People: Y
Terminal: A
The same checks as under 1. will be executed.

注意:
The terminal must be in a group which is linked to the library, but the conditions of use are determined by the user's link.

PROFILE Command

When logged on to a library, a user may enter the Natural system command PROFILE to ascertain which conditions of use are currently in effect.

When you enter the PROFILE command, the Security Profile screen is displayed, showing the following information:

User
ID The user's ID.
Name The user's name.
Type The user type.
Link ID

The current value of the Natural system variable *GROUP.

An asterisk (*) next to the ID indicates that the group's/user's link to the current library is a Special Link.

ETID The current value of the Natural system variable *ETID.
Library  
ID The ID of the current library.
Name The name of the current library.
Steplibs The steplibs of the current library.
Transactions  
Startup The current value of the Natural system variable *STARTUP.
Restart The name of the restart transaction.
Error The current value of the Natural system variable *ERROR-TA.

Additional Options

If you mark the field "Additional Options" on the Security Profile screen with "Y" or press PF4, a window will be displayed from which you can select the following items of information:

The options where something is defined for the current user are marked with a plus sign (+).

You can select one or more items from the window by marking them with any character. For each item selected, an additional window/screen will be displayed (in the order of the items in the selection window).

Utility Access Rights

If you press PF5, the NSC Utility Access Rights window will be displayed, providing an overview of the utility functions which you are allowed to use in each library.

Top of page