This section covers the following topics:
The Retrieval subsystem of Natural Security may be used to retrieve information on the objects defined to Natural Security and on the existing relationships between these objects. It allows you to review the existing security profile definitions and their effects.
With Retrieval, you cannot do any Natural Security maintenance; you may only look at things.
On the Main Menu, you enter code "R" for "Retrieval".
A window will be displayed. In the window, you mark an object type with a character or with the cursor (and, if you wish, use the Start Value and Type/Status options as described in the section Finding Your Way In Natural Security).
The selection list for that object type will be displayed.
The list can be scrolled as described in the section Finding Your Way In Natural Security).
From the list, you can invoke the following retrieval functions (possible code abbreviations are underlined):
Code | Function | Explanation |
---|---|---|
DI |
Display | These functions are the same as those described in the appropriate maintenance sections for each object type. |
XR |
Cross-Reference | These functions are described below for each object type. |
To invoke a specific function for an object, you mark the object with the appropriate function code in column "Co" on the selection list.
You may select various objects for various functions at the same time; that is, you can mark several objects on the screen with a function code. For each object marked, the appropriate processing screen will be displayed. You may then perform for one object after another the selected functions.
This function allows you to obtain the following information:
a list of all base and compound applications to which a user is linked;
a list of all libraries available to a user;
a list of all DDMs/files a user's private library is linked to;
a list of all groups a user belongs to;
a list of all users contained in a given group;
a list of all security profiles owned by a user;
a list of all DDM/file security profiles where the user is "DDM Modifier";
a list of all external objects to which a user is linked;
the user-specific functional security specifications for the command processors for which functional security is defined for the user.
a list of all utility profiles defined for a user.
On the User Retrieval selection list, you mark the user whose security profile you wish to cross-reference with function code "XR".
A window will be displayed, in which you can select one or more of the following items by marking them with any character:
Applications | Displays a list of all base and compound applications to which the user is linked. |
---|---|
Libraries | Displays a list of all libraries available to the user. |
Linked Libraries | Displays a list of all libraries to which the user is linked (directly or via a group). |
DDMs / Files | Displays a list of all DDMs to which the user's private library is linked. |
Groups / Members | Displays a list of all groups to which the user belongs; if the user is a group, a list of all users contained in that group will be displayed. |
Owned Objects | Displays a list of all security profiles of which the user is an owner. |
DDM Modifier | Displays a list of all DDM/file security profiles in which the user is specified as "DDM Modifier". |
External Objects | Displays a list of all external objects to which the user is linked. |
Command Processors | Displays the functional security specifications for each command processor for which functional security is defined for the user. |
Utilities | Displays a list of all user-specific and user-library specific utility profiles defined for the user. |
This function allows you to obtain the following information:
a list of all DDMs a library is linked to;
a list of all users linked to a library;
the functional security specifications for the command processors in the library.
a list of all utility profiles defined for a library.
On the Library Retrieval selection list, you mark the library whose security profile you wish to cross-reference with function code "XR".
A window will be displayed, in which you can select one or more of the following items by marking them with any character:
DDMs / Files | Displays a list of all DDMs to which the library is linked. |
---|---|
Users | Displays a list of all users who are linked to the library. |
Command Processors | Displays the functional security specifications for each command processor in the library for which functional security is defined. |
Utilities | Displays a list of all library-specific and user-library specific utility profiles defined for the library. |
This function is only available on mainframe computers. It allows you to ascertain which libraries are linked to a file.
On the File Retrieval selection list, you mark the file whose security profile you wish to cross-reference with function code "XR".
A window will be displayed, in which you can select one or both of the following items by marking them with any character:
Libraries | Displays a list of all libraries that are linked to the file. |
---|---|
Private Libraries | Displays a list of all users whose private libraries are linked to the file. |
This function allows you to ascertain which utility profiles exist for a utility.
On the Utility Retrieval selection list, you mark the utility whose profiles you wish to cross-reference with function code "XR".
A window will be displayed, in which you can select one or more of the following items by marking them with any character:
Library-Specific Profiles | Displays a list of all library-specific profiles defined for this utility (as well as the utility's default profile). |
---|---|
User-Specific and User-Library-Specific Profiles | Displays a list of all user-specific profiles and user-library-specific profiles defined for this utility. |
All Profiles | Displays a list of all user-specific profiles, library-specific profiles and user-library-specific profiles, as well as the default profile defined for this utility. |
This function allows you to ascertain which users are linked to an application.
On the Application Retrieval selection list, you mark the application whose security profile you wish to cross-reference with function code "XR". A list of all users who are linked to the application will be displayed.
This function allows you to ascertain which users are linked to an external object.
On the Retrieval selection list for a type of external object, you mark the object whose security profile you wish to cross-reference with function code "XR". A list of all users who are linked to the external object will be displayed.
This function allows you to ascertain which users and libraries a mailbox is assigned to.
On the Mailbox Retrieval selection list, you mark the mailbox whose security profile you wish to cross-reference with function code "XR".
A window will be displayed, in which you can select one or both of the following items by marking them with any character:
Libraries | Displays a list of all libraries to which the mailbox is assigned. |
---|---|
Users | Displays a list of all users to which the mailbox is assigned. |
You can obtain all retrieval information for all objects of a certain object type at the same time. For this purpose, the library SYSSEC provides the program RETRIEVE. This program performs the Display and Cross-Reference functions for all objects of a certain object type; that is, it shows Display and Cross-Reference information for all selected objects.
The following information can be obtained:
Output 1: a list of all selected objects, with basic information about each object.
Output 2: display of security profiles of the selected objects.
Output 3: cross-reference information about the selected objects.
Output 4: display of security profiles of special links between users and libraries.
Various input parameters allow you to restrict the functions to a certain range of objects, and to determine the sequence in which the information is to be output. The input parameters for RETRIEVE are:
1st Parameter:
Object type: US for users, LI for libraries, FI for files (on
mainframes only), MA for mailboxes, or the corresponding code for a type of
external object.
2nd Parameter:
User type (for object type US): A = Administrator, P = Person, M =
Member, G = Group, T = Terminal, B = Batch user.
File status (for object type FI): PUBL = Public, ACCE = Access, PRIV = Private.
3rd Parameter:
Start value: An object name (optionally with asterisk notation) to
obtain information on a certain range of objects only.
4th and 5th Parameters:
Date from/to: A range of dates to obtain information only on objects
created/last modified within a specific period of time.
6th Parameter:
Function: Determines which information is output, and the output
sequence:
S | Output 1. |
A | Output 1, then Output 2 & 3 for one object, then Output 2 & 3 for the next object, etc. |
AE | Output 1, then Output 2, 3 & 4 for one object, then Output 2, 3 & 4 for the next object, etc. |
X | Output 3. |
XE | Output 3 & 4 for one object, then Output 3 & 4 for the next object, etc. |
D | Output 1, then Output 2 for every object. |
Z | Output 1, then Output 2 for every object, then Output 3 for every object. |
ZE | Output 1, then Output 2 for every object, then Output 3 for every object, then Output 4 for every object. |
The program RETRIEVE is primarily intended for use in batch mode. However, by issuing the direct command RETRIEVE, you can also invoke the program online: a menu will be displayed for you to specify the selection options.