This section describes how to transfer Natural Security data from one system file to another. It covers the following topics:
The transfer of Natural Security data from one system file to another is only relevant if you use more than one Natural Security system file.
A Natural Security system file is specified with the Natural profile parameter FSEC (which is described in the Natural Parameter Reference documentation).
The library SYSSEC contains two programs for the transfer of Natural Security data from one system file to another: SECULD2 and SECLOAD:
SECULD2 is used to unload data from one system file to a work file.
SECLOAD is used to load the data from the work file onto the other system file.
The selection of data to be transferred is done with SECULD2. SECLOAD will always attempt to transfer the complete work file. However, SECLOAD will check whether the data to be transferred are consistent with the data already stored on the system file. Inconsistent data will not be loaded.
The programs SECULD2 and SECLOAD you use must both be of the same Natural Security version. Moreover, it is recommended that the latest available version of SECULD2 and SECLOAD be used.
An FSEC system file can be shared by all supported Natural Security versions. This means that you can continue to use an existing FSEC file and need not create a new FSEC file for a new Natural Security version. However, should you decide to use a new FSEC file for a new Natural Security version and wish to transfer existing security data to this new file, you unload/load the data using the standard SECULD2/SECLOAD transfer procedure.
Both SECULD2 and SECLOAD can only be invoked from within the library SYSSEC.
注意:
SECULD2 is the replacement of the old unloading program
SECULD.
To invoke SECULD2, you enter the command "SECULD2" in the command line of any Natural Security screen. The SECULD2 menu will be displayed.
To select the type of data to be transferred, you enter one of the following function codes on the SECULD2 menu:
Function Code | Type of Data to be Unloaded |
---|---|
* | All security data. |
D | All security data with deletion (all data will be loaded onto the work file and be deleted from the system file). |
O | Objects defined in Natural Security (users, libraries, utility profiles, etc.). |
L | Links between users and objects. |
F | Links between libraries and files (this function is only available on mainframes). |
C | Components of library profile (this function is not available on mainframes). |
P | Default profiles (user or utility profiles). |
In addition to the function code, you can specify the following on the SECULD2 menu:
Transfer |
|
||||||||
---|---|---|---|---|---|---|---|---|---|
Object Type |
If you select function code "O", "L" or "P", you also have to specify the type of object/link to be unloaded. If you select function code "C", you also have to specify the type of components (DDM profiles) to be unloaded. For a selection list of possible types, enter a question mark (?) in the Object Type field. |
||||||||
Start Value |
You can specify an ID to unload a certain object or range of objects. See also Range below. Start Value is not applicable to function codes "*" and "D". |
||||||||
Range |
This field determines how the value specified in the Start Value field is to be treated:
|
||||||||
Link ID |
This field can only be used in conjunction with function code "L". You can specify a user ID to unload only links of a certain user or range of users. To selecte a range of links, you use see Range field (see below). |
||||||||
Range |
This field can only be used in conjunction with function code "L". It determines how the value specified in the Link ID field is to be treated:
|
||||||||
Number |
You may specify the number of objects to be transferred. (This option is not applicable to function codes "*" and "D".) |
||||||||
Date from/to |
You may specify two dates to unload only objects which were created/last modified in that period of time. (This option is not applicable to function code "D".) |
||||||||
Work File |
You specify the name of the work file to which the data are to be written. If you use Work File 5, the work-file name must end with ".sag". This field is not available on mainframes. |
||||||||
Ty |
|
To invoke SECLOAD, you enter the command "SECLOAD" in the command line of any Natural Security screen. You will then be prompted to make the following specifications:
Load NSC Data from Work File 1 |
|
||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
User-Defined Conversion Table |
You can determine whether or not a conversion table is to be used (Y/N). The conversion table used is provided by the API subprogram NSCCONV, which is contained in the library SYSSEC. You can adjust the table to suit your requirements. For details, see the source of NSCCONV. |
||||||||||
Simulate Loading |
|
||||||||||
Work File | You specify the name of the work file from which the data are to
be written.
This field is not available on mainframes. |
||||||||||
Type of Work File |
|
注意:
Data which are inconsistent or which already exist on the target
system file will not be loaded. To ascertain why data were not loaded, please
refer to the load report.
With SECULD2 and SECLOAD, you can also transfer security data from one hardware platform to another.
To do so, you enter a "Y" in the Transfer field of the SECULD2 menu.
By pressing PF4, you can then invoke an additional window in which you can specify the following optional parameters:
Target Environment | The operating system (as in the Natural system variable *OPSYS) of the target environment. |
---|---|
Target FSEC DBID/FNR | The database ID and file number of the FSEC system file to which the data are to be transferred. SECLOAD will compare these specifications with the DBID/FNR of the actual FSEC file to which the data are to be loaded: if they are not the same, the data cannot be loaded. In this way, you can prevent an uncontrolled loading of security data. Otherwise anybody who got hold of the work file, could load it anywhere. |
Conversion EBCDIC-ASCII |
You can determine whether EBCDIC-ASCII conversion is to be performed (Y/N). The conversion is performed by the API subprogram NSCCONV, which is contained in the library SYSSEC. For details, see the source of NSCCONV. |
User-Defined Conversion Table |
You can determine whether or not a conversion table is to be used (Y/N). The conversion table used is provided by the API subprogram NSCCONV, which is contained in the library SYSSEC. You can adjust the table to suit your requirements. For details, see the source of subprogram NSCCONV. |
The data will then be written, in alphanumeric form, to Work File 1, from where they can be loaded with SECLOAD.
注意:
When data are transferred from a mainframe platform to another
platform, SECLOAD also checks if library IDs conform to the naming conventions
for libraries (as described under the system command
LOGON in the Natural
System Commands documentation).
Example jobs for executing SECULD2 and SECLOAD in batch mode on mainframe computers are shown below.
In this example, all users whose IDs begin with "ADE" and who were last modified between 1st January and 10th June 2008, and the library TESTLIB will be transferred to the work file CMWKF05.
//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K //********************************************************** //ULD EXEC PGM=NATBATnn, // PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0' //STEPLIB DD DISP=SHR,DSN=NATURAL.Vnn.LOAD // DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD //DDCARD DD * ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI /* //CMPRINT DD SYSOUT=* //CMWKF05 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD, // DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP) //CMSYNIN DD * SYSSEC,DBA,PASSWORD SECULD2 O,N,US,ADE,*,,,,2008-01-01,2008-06-10 O,N,LI,TESTLIB,1 . FIN /*
In this example, all users whose IDs begin with "ADE" will be transferred to the work file CMWKF01. If the "Transfer" option is specified as "Y", the job must contain a line for additional parameters (see Transferring Data to Another Hardware Platform above). In this example, no additional parameter specifications are made (that is, they are either not specified or specified as "N") .
//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K //********************************************************** //ULD EXEC PGM=NATBATnn, // PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0' //STEPLIB DD DISP=SHR,DSN=NATURAL.Vnn.LOAD // DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD //DDCARD DD * ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI /* //CMPRINT DD SYSOUT=* //CMWKF01 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD, // DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP) //CMSYNIN DD * SYSSEC,DBA,PASSWORD SECULD2 O,Y,US,ADE,* ,,,N,N . FIN /*
In this example, all libraries whose IDs begin with "SF" will be transferred to the work file CMWKF01. The target environment is a PC, and the database ID and file number of the target FSEC system file are 89 and 356.
//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K //********************************************************** //ULD EXEC PGM=NATBATnn, // PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0' //STEPLIB DD DISP=SHR,DSN=NATURAL.Vnn.LOAD // DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD //DDCARD DD * ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI /* //CMPRINT DD SYSOUT=* //CMWKF01 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD, // DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP) //CMSYNIN DD * SYSSEC,DBA,PASSWORD SECULD2 O,Y,LI,SF,* WNT-X86,89,356,N,N . FIN /*
In this example, the data will be read from work file 5 (CMWKF05).
//SECLOAD JOB DEMO,MSGCLASS= ,CLASS= ,REGION=2048K //*************************************************** //LOAD EXEC PGM=NATBATnn, // PARM='DBID=7,FNR=23,FSEC=(,24),FDIC=(,25),EJ=OFF,MT=0,IM=D,MADIO=0,MAXCL=0' //STEPLIB DD DSN=NATURAL.Vnn.LOAD,DISP=SHR // DD DSN=ADABAS.Vnn.ADALOAD,DISP=SHR //CMPRINT DD SYSOUT=* //DDCARD DD * ADARUN PROGRAM=USER,SVC=249,DATABASE=7,MODE=MULTI /* //CMWKF05 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,DISP=SHR //CMSYNIN DD * SYSSEC,DBA,PASSWORD SECLOAD N,N,N FIN /*
In this example, the data will be read from work file 1 (CMWKF01).
//SECLOAD JOB DEMO,MSGCLASS= ,CLASS= ,REGION=2048K //*************************************************** //LOAD EXEC PGM=NATBATnn, // PARM='DBID=7,FNR=23,FSEC=(,24),FDIC=(,25),EJ=OFF,MT=0,IM=D,MADIO=0,MAXCL=0' //STEPLIB DD DSN=NATURAL.Vnn.LOAD,DISP=SHR // DD DSN=ADABAS.Vnn.ADALOAD,DISP=SHR //CMPRINT DD SYSOUT=* //DDCARD DD * ADARUN PROGRAM=USER,SVC=249,DATABASE=7,MODE=MULTI /* //CMWKF01 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,DISP=SHR //CMSYNIN DD * SYSSEC,DBA,PASSWORD SECLOAD Y,N,N FIN /*
To execute SECULD2 and SECLOAD in batch mode under UNIX or OpenVMS, you have to provide input in the batch-mode files as follows:
The input file assigned to CMSYNIN has to contain the following:
SECULD2 FIN
In the input file assigned to CMOBJIN you specify the data to be transferred; for example:
SYSSEC,DBA,PASSWORD,, O,Y,US,ADE*,,,,,2008-02-01,2008-02-28 ,,,N,N .
This example assumes that the session was started with AUTO=OFF. With AUTO=ON, you omit the user ID and password from the first line.
The result of the data transfer will be shown in the output file assigned to CMPRINT.
For general information, see the batch-mode section in the Natural Operations documentation for UNIX or OpenVMS.