バージョン 4.2.5
 —  Natural Security  —

Transferring Security Data To Another System File

This section describes how to transfer Natural Security data from one system file to another. It covers the following topics:


General Information on Security Data Transfer

The transfer of Natural Security data from one system file to another is only relevant if you use more than one Natural Security system file.

A Natural Security system file is specified with the Natural profile parameter FSEC (which is described in the Natural Parameter Reference documentation).

The library SYSSEC contains two programs for the transfer of Natural Security data from one system file to another: SECULD2 and SECLOAD:

The selection of data to be transferred is done with SECULD2. SECLOAD will always attempt to transfer the complete work file. However, SECLOAD will check whether the data to be transferred are consistent with the data already stored on the system file. Inconsistent data will not be loaded.

The programs SECULD2 and SECLOAD you use must both be of the same Natural Security version. Moreover, it is recommended that the latest available version of SECULD2 and SECLOAD be used.

An FSEC system file can be shared by all supported Natural Security versions. This means that you can continue to use an existing FSEC file and need not create a new FSEC file for a new Natural Security version. However, should you decide to use a new FSEC file for a new Natural Security version and wish to transfer existing security data to this new file, you unload/load the data using the standard SECULD2/SECLOAD transfer procedure.

Both SECULD2 and SECLOAD can only be invoked from within the library SYSSEC.

注意:
SECULD2 is the replacement of the old unloading program SECULD.

Top of page

Using SECULD2

To invoke SECULD2, you enter the command "SECULD2" in the command line of any Natural Security screen. The SECULD2 menu will be displayed.

To select the type of data to be transferred, you enter one of the following function codes on the SECULD2 menu:

Function Code Type of Data to be Unloaded
*   All security data.
D   All security data with deletion (all data will be loaded onto the work file and be deleted from the system file).
O   Objects defined in Natural Security (users, libraries, utility profiles, etc.).
L   Links between users and objects.
F   Links between libraries and files (this function is only available on mainframes).
C   Components of library profile (this function is not available on mainframes).
P   Default profiles (user or utility profiles).

In addition to the function code, you can specify the following on the SECULD2 menu:

Transfer  
With this option, you specify to which work file the selected data are to be written:
Y The data will be written to Work File 1 in alphanumeric form (this is the default for non-mainframe environments). Work File 1 can be used for any form of transfer supported by SECULD2/SECLOAD.
N The data will be written to Work File 5 in binary form (this is the default for mainframe environments). Work File 5 can only be used if the data are to be transferred to another system file on the same hardware platform.
Object Type  

If you select function code "O", "L" or "P", you also have to specify the type of object/link to be unloaded.

If you select function code "C", you also have to specify the type of components (DDM profiles) to be unloaded.

For a selection list of possible types, enter a question mark (?) in the Object Type field.

Start Value

You can specify an ID to unload a certain object or range of objects.

See also Range below.

Start Value is not applicable to function codes "*" and "D".

Range

This field determines how the value specified in the Start Value field is to be treated:

  • If you leave the Range field blank, the value in the Start Value field will be treated as an actual start value; that is, the range of objects to be unloaded will begin with the one whose object ID begins with to the value specified as Start Value.

  • If you enter an asterisk (*) in the Range field, the range of objects to be unloaded will comprise only those whose object IDs begin with the value specified as Start Value.

  • If you enter a plus sign (+) in the Range field, the range of objects to be unloaded will consist only of the one whose object ID is specified as Start Value - or, in the case of links, will include only those whose object ID is specified as Start Value.

Link ID

This field can only be used in conjunction with function code "L". You can specify a user ID to unload only links of a certain user or range of users.

To selecte a range of links, you use see Range field (see below).

Range

This field can only be used in conjunction with function code "L". It determines how the value specified in the Link ID field is to be treated:

  • If you leave the Range field blank, the value in the Link ID field will be treated as an actual start value; that is, the range of links to be unloaded will begin with the one whose user ID corresponds to the value specified as Link ID.

  • If you enter an asterisk (*) in the Range field, the range of links to be unloaded will only include those whose user IDs begin with the value specified as Link ID.

  • If you enter a plus sign (+) in the Range field, the range of links to be unloaded will only include those whose user ID corresponds to the value specified as Link ID.

Number  

You may specify the number of objects to be transferred.

(This option is not applicable to function codes "*" and "D".)

Date from/to  

You may specify two dates to unload only objects which were created/last modified in that period of time.

(This option is not applicable to function code "D".)

Work File  

You specify the name of the work file to which the data are to be written.

If you use Work File 5, the work-file name must end with ".sag".

This field is not available on mainframes.

Ty
The type of work file:
D Default.
N Entire Connection work file.
This field is not available on mainframes.

Top of page

Using SECLOAD

To invoke SECLOAD, you enter the command "SECLOAD" in the command line of any Natural Security screen. You will then be prompted to make the following specifications:

Load NSC Data from Work File 1
Y The data will be read from Work File 1 (this is the default for non-mainframe environments).
N The data will be read from Work File 5 (this is the default for mainframe environments).
User-Defined Conversion Table

You can determine whether or not a conversion table is to be used (Y/N).

The conversion table used is provided by the API subprogram NSCCONV, which is contained in the library SYSSEC. You can adjust the table to suit your requirements. For details, see the source of NSCCONV.

Simulate Loading  
This option can be used to ascertain whether all data from the work file can be loaded, before you actually load them. When this function is executed, the data are loaded into the system file, and then, upon completion of the function, immediately deleted from it again.

When activating this function, you select what type of load report you want as a result of the simulation:

N Simulation not active.
A Simulation with load report listing All records.
R Simulation with load report listing only Rejected records.
L Simulation with load report listing only Loadable records.
Work File   You specify the name of the work file from which the data are to be written.

This field is not available on mainframes.

Type of Work File
D Default.
N Entire Connection work file.
This field is not available on mainframes.

注意:
Data which are inconsistent or which already exist on the target system file will not be loaded. To ascertain why data were not loaded, please refer to the load report.

Top of page

Transferring Data to Another Hardware Platform

With SECULD2 and SECLOAD, you can also transfer security data from one hardware platform to another.

To do so, you enter a "Y" in the Transfer field of the SECULD2 menu.

By pressing PF4, you can then invoke an additional window in which you can specify the following optional parameters:

Target Environment   The operating system (as in the Natural system variable *OPSYS) of the target environment.
Target FSEC DBID/FNR   The database ID and file number of the FSEC system file to which the data are to be transferred. SECLOAD will compare these specifications with the DBID/FNR of the actual FSEC file to which the data are to be loaded: if they are not the same, the data cannot be loaded. In this way, you can prevent an uncontrolled loading of security data. Otherwise anybody who got hold of the work file, could load it anywhere.
Conversion EBCDIC-ASCII

You can determine whether EBCDIC-ASCII conversion is to be performed (Y/N).

The conversion is performed by the API subprogram NSCCONV, which is contained in the library SYSSEC. For details, see the source of NSCCONV.

User-Defined Conversion Table

You can determine whether or not a conversion table is to be used (Y/N).

The conversion table used is provided by the API subprogram NSCCONV, which is contained in the library SYSSEC. You can adjust the table to suit your requirements. For details, see the source of subprogram NSCCONV.

The data will then be written, in alphanumeric form, to Work File 1, from where they can be loaded with SECLOAD.

注意:
When data are transferred from a mainframe platform to another platform, SECLOAD also checks if library IDs conform to the naming conventions for libraries (as described under the system command LOGON in the Natural System Commands documentation).

Top of page

Transferring Data in Batch Mode

SECULD2/SECLOAD in Batch Mode on Mainframes

Example jobs for executing SECULD2 and SECLOAD in batch mode on mainframe computers are shown below.

Example 1 of SECULD2 Job:

In this example, all users whose IDs begin with "ADE" and who were last modified between 1st January and 10th June 2008, and the library TESTLIB will be transferred to the work file CMWKF05.

//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K 
//********************************************************** 
//ULD      EXEC PGM=NATBATnn, 
// PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0'
//STEPLIB  DD DISP=SHR,DSN=NATURAL.Vnn.LOAD 
//         DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD
//DDCARD   DD * 
ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI 
/* 
//CMPRINT  DD SYSOUT=* 
//CMWKF05  DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD, 
// DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP) 
//CMSYNIN  DD * 
SYSSEC,DBA,PASSWORD 
SECULD2 
O,N,US,ADE,*,,,,2008-01-01,2008-06-10 
O,N,LI,TESTLIB,1 
. 
FIN
/*

Example 2 of SECULD2 Job:

In this example, all users whose IDs begin with "ADE" will be transferred to the work file CMWKF01. If the "Transfer" option is specified as "Y", the job must contain a line for additional parameters (see Transferring Data to Another Hardware Platform above). In this example, no additional parameter specifications are made (that is, they are either not specified or specified as "N") .

//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K 
//********************************************************** 
//ULD      EXEC PGM=NATBATnn, 
// PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0'
//STEPLIB  DD DISP=SHR,DSN=NATURAL.Vnn.LOAD 
//         DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD
//DDCARD   DD * 
ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI 
/* 
//CMPRINT  DD SYSOUT=* 
//CMWKF01  DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD, 
// DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP) 
//CMSYNIN  DD * 
SYSSEC,DBA,PASSWORD 
SECULD2 
O,Y,US,ADE,* 
,,,N,N 
. 
FIN
/*

Example 3 of SECULD2 Job:

In this example, all libraries whose IDs begin with "SF" will be transferred to the work file CMWKF01. The target environment is a PC, and the database ID and file number of the target FSEC system file are 89 and 356.

//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K 
//********************************************************** 
//ULD      EXEC PGM=NATBATnn, 
// PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0'
//STEPLIB  DD DISP=SHR,DSN=NATURAL.Vnn.LOAD 
//         DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD
//DDCARD   DD * 
ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI 
/* 
//CMPRINT  DD SYSOUT=* 
//CMWKF01  DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD, 
// DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP) 
//CMSYNIN  DD * 
SYSSEC,DBA,PASSWORD 
SECULD2 
O,Y,LI,SF,*
WNT-X86,89,356,N,N 
. 
FIN
/*

Example 1 of SECLOAD Job:

In this example, the data will be read from work file 5 (CMWKF05).

//SECLOAD JOB  DEMO,MSGCLASS= ,CLASS= ,REGION=2048K 
//*************************************************** 
//LOAD     EXEC PGM=NATBATnn, 
// PARM='DBID=7,FNR=23,FSEC=(,24),FDIC=(,25),EJ=OFF,MT=0,IM=D,MADIO=0,MAXCL=0'
//STEPLIB  DD DSN=NATURAL.Vnn.LOAD,DISP=SHR 
//         DD DSN=ADABAS.Vnn.ADALOAD,DISP=SHR 
//CMPRINT  DD SYSOUT=* 
//DDCARD   DD * 
ADARUN PROGRAM=USER,SVC=249,DATABASE=7,MODE=MULTI 
/* 
//CMWKF05  DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,DISP=SHR 
//CMSYNIN  DD * 
SYSSEC,DBA,PASSWORD 
SECLOAD 
N,N,N
FIN
/*

Example 2 of SECLOAD Job:

In this example, the data will be read from work file 1 (CMWKF01).

//SECLOAD JOB  DEMO,MSGCLASS= ,CLASS= ,REGION=2048K 
//*************************************************** 
//LOAD     EXEC PGM=NATBATnn, 
// PARM='DBID=7,FNR=23,FSEC=(,24),FDIC=(,25),EJ=OFF,MT=0,IM=D,MADIO=0,MAXCL=0'
//STEPLIB  DD DSN=NATURAL.Vnn.LOAD,DISP=SHR 
//         DD DSN=ADABAS.Vnn.ADALOAD,DISP=SHR 
//CMPRINT  DD SYSOUT=* 
//DDCARD   DD * 
ADARUN PROGRAM=USER,SVC=249,DATABASE=7,MODE=MULTI 
/* 
//CMWKF01  DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,DISP=SHR 
//CMSYNIN  DD * 
SYSSEC,DBA,PASSWORD 
SECLOAD 
Y,N,N
FIN
/*

SECULD2/SECLOAD in Batch Mode under UNIX and OpenVMS

To execute SECULD2 and SECLOAD in batch mode under UNIX or OpenVMS, you have to provide input in the batch-mode files as follows:

The input file assigned to CMSYNIN has to contain the following:

SECULD2
FIN

In the input file assigned to CMOBJIN you specify the data to be transferred; for example:

SYSSEC,DBA,PASSWORD,,
O,Y,US,ADE*,,,,,2008-02-01,2008-02-28
,,,N,N
.

This example assumes that the session was started with AUTO=OFF. With AUTO=ON, you omit the user ID and password from the first line.

The result of the data transfer will be shown in the output file assigned to CMPRINT.

For general information, see the batch-mode section in the Natural Operations documentation for UNIX or OpenVMS.

Top of page