This section describes how to control the access of users to protected libraries.
A library may be protected by specifying the values of "People-protected" and "Terminal-protected" in the General Options column of the library's security profile.
The possible combinations of "People-protected" and "Terminal-protected" are listed below:
Protection | Explanation |
---|---|
People: N Terminal: N | The library is not protected. It may be used by any person from any terminal. The terminal need not be defined to Natural Security. The user must be defined to Natural Security. The user ID must be entered on the logon screen in order to be able to log on to the library. |
People: L Terminal: N | This is identical to the above combination - with the following addition: Although the library is not protected, it is possible to link a group to the library. Only one group can be linked to the library, and the link must be a special link. This special link only applies to users of type "A" contained in the group. This feature is only intended to allow administrators different access to an unprotected library for maintenance purposes. (The special link to such a library can only be established via the function "Link users to library" which is invoked from the Library Maintenance selection list.) |
People: Y Terminal: N | The library may be used only by persons who are linked to the library or are in a group that is linked to the library. It may be used from any terminal. The terminal need not be defined to Natural Security. The user (and the group if need be) must be defined to Natural Security. The user ID must be entered on the logon screen in order to be able to log on to the library. |
People: N Terminal: Y | The library may be used by any person, but it may only be used from a terminal which is defined to Natural Security and is contained in a group which is linked to the library. No user ID is required on the logon screen to log on to the library. |
People: Y Terminal: Y | The library may be used either by people linked to the library or from a terminal which is contained in a group which is linked to the library. In other words, by entering his or her user ID on the logon screen, a linked person may use the library from any terminal; people who are not linked to the library may only use the library from a linked terminal. |
People: Y Terminal: A | The library may be used only by people from linked terminals: The person must be defined to Natural Security and must be in a group which is linked to the library (or may be linked directly, if user type "A" or "P"); the terminal must also be defined to Natural Security, and it must be contained in a group which is linked to the library. The user ID and library ID must be entered on the logon screen in order to be able to log on to the library. |
People: P Terminal: N | This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: N" (see above). |
People: P Terminal: Y | This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: Y" (see above). |
People: P Terminal: A | This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: A" (see above). |
People: N Terminal: A | This combination is not possible! |
People: L Terminal: Y | This combination is not possible! |
People: L Terminal: A | This combination is not possible! |
Please take care when you alter an existing combination of "People-protected" and "Terminal-protected". If the alteration results in a "lower" protection level, certain links will automatically be cancelled by Natural Security according to the following rules:
Change from | to | Effect on Links |
---|---|---|
any protection combination | People: N Terminal: N | All existing links to the library will be cancelled. |
any protection combination | People: N Terminal: Y | All direct links of ADMINISTRATORs and PERSONs will be cancelled; links of GROUPs to the library will remain. |
any protection combination | People: Y Terminal: N | No links will be cancelled. |
any protection combination | People: Y Terminal: Y | No links will be cancelled. |
People: N Terminal: Y | People: Y Terminal: Y | No links will be cancelled. However, all people contained in GROUPs which are linked to the library may now also log on to the library! |
The user with the same user ID as the library ID always has access to his/her private library.
In public mode, other users' access to someone's private library is determined by the settings of the fields "People-protected" and "Terminal-protected" in the security profile of the private library. Possible values for the field "People-protected" are "P" (which is the default value, and which corresponds to "Y" in other library profiles) and "N" (which is the same as in other library profiles). Possible values for the field "Terminal-protected" are the same as for other libraries (Y, N or A). The possible protection combinations are described above.
In private mode, no other user has access to someone else's private library.
To allow a user access to a protected library, a link has to be established between the user and the library.
Only users of types ADMINISTRATOR, PERSON, and GROUP can be linked to a library.
Users of types ADMINISTRATOR and PERSON can be linked to a library either directly or via a GROUP.
Users of types MEMBER and TERMINAL can be linked to a library only via a GROUP; that is, they must be assigned to a GROUP, and the GROUP must be linked to the library.
Two functions are available to establish and maintain links between users and libraries:
To link one user to various libraries, you use the function "Link user to libraries" (which is invoked from the User Maintenance selection list).
To link various users to one library, you use the function "Link users to library" (which is invoked from the Library Maintenance selection list).
Both functions are described below.
The function "Link user to libraries" is used to link one user to one or more libraries.
On the User Maintenance selection list, you mark the user you wish to link with function code "LL".
A window will be displayed. Here you can enter a Start Value (as described in the section Finding Your Way in Natural Security) for the list of libraries to be displayed. If you wish to maintain only existing links, you can select the option "Select only defined links" - in which case the list of libraries to be displayed will only include those libraries to which the user is already linked (normal and special links, including temporarily locked ones).
Then, the Link User To Libraries selection list will be displayed, showing the list of libraries.
The list includes all protected libraries; that is, if you link a user of type PERSON or ADMINISTRATOR, the list includes all libraries with "People-protected" set to "Y"; if you link a user of type GROUP, the list includes all libraries with at least one of the two protection values set to "Y".
The list can be scrolled as described in the section Finding Your Way in Natural Security.
On the list, you mark the libraries to which you wish to link the given user.
In the "Co" column, you may mark each library with one of the following function codes (possible code abbreviations are underlined):
Code | Function |
---|---|
LK | Link - The user may use the library with the security profile of the library being in effect. |
SL | Special Link - The user may use the library with a special security profile to be defined for the link; the link profile will take precedence over the library profile. For details on special links, see Special Links below. |
CL | Cancel - An existing link or special link will be cancelled. |
TL | Temporarily Locked - An existing link or special link will be suspended until it is re-established. A suspended link or special link can be re-established by marking the library concerned with "LK" or "SL" again. When a special link is re-established, the original link security profile will be re-established, too. |
DL | Display Special Link - The security profile of an existing special link between the user and the library will be displayed. |
DI | Display Library - The security profile of the library will be displayed. |
LD | Modify DDM Restrictions in Special Link Profile |
You can mark one or more libraries on the screen with a function code. For each library marked, the selected functions will then be executed one after another. When processing is completed, a message will be displayed stating the link situation now in effect for each library.
The function "Link users to library" is used to link one or more users to one library.
On the Library Maintenance selection list, you mark the library to which you wish to link users with code "LU".
A window will be displayed. Here you can enter a Start Value (as described in the section Finding Your Way in Natural Security) for the list of users to be displayed. If you wish to maintain only existing links, you can select the option "Select only defined links" - in which case the list of users to be displayed will only include those users which are already linked to the library (normal and special links, including temporarily locked ones).
Then, the Link Users To Library selection list will be displayed, showing the list of users.
The list includes all users of types GROUP, ADMINISTRATOR, and PERSON.
The list can be scrolled as described in the section Finding Your Way in Natural Security.
On the list, you mark the users you wish to be linked to the given library.
In the "Co" column, you may mark each user with one of the following function codes (possible code abbreviations are underlined):
Code | Function |
---|---|
LK | Link - The user may use the library with the security profile defined for the library being in effect. |
SL | Special Link - The user may use the library with a special security profile to be defined for the link; the link profile will take precedence over the library profile. For details on special links, see Special Links below. |
CL | Cancel - An existing link or special link will be cancelled. |
TL | Temporarily Locked - An existing link or special link will be suspended until it is re-established. A suspended link or special link can be re-established by marking the user concerned with "LK" or "SL" again. When a special link is re-established, the original link security profile will be re-established, too. |
DL | Display Special Link - The security profile of an existing special link between the user and the library will be displayed. |
DI | Display User - The security profile of the user will be displayed. |
LD | Modify DDM Restrictions in Special Link Profile |
You can mark one or more users on the screen with a function code. For each user marked, the selected functions will then be executed one after another. When processing is completed, a message will be displayed stating the link situation now in effect for each user.
While a library security profile determines the conditions under which the library may be used generally, a special link security profile determines the conditions under which the user (or group of users) thus linked may use the library. This means that by using special links you may define different conditions of use of the same library for different users.
If you mark a user/library with "SL", you may define the security profile for this Special Link on the screens which will be displayed. The default settings which will appear on the Special Link security profile screens are taken from the security profile of the library.
The items you may define as part of a Special Link security profile correspond with the items you may define as part of a library security profile (see Components of a Library Profile in the section Library Maintenance).
To modify an existing Special Link security profile, mark the respective user/library with "SL" again on the Link Users To Library or Link User To Libraries screen: the Special Link security profile screen will then be invoked for modification.
To view the security profile of a Special Link, mark the respective user/library with "DL" on the Link Users To Library or Link User To Libraries screen: the Special Link security profile screen will then be displayed.
When a user logs on to a protected library, Natural Security will execute a number of checks to determine under which conditions the user may use the library. If none of the checks are positive, the logon will be rejected.
The following checks will be executed in the following order:
Library Protection | Checks Performed |
---|---|
1. | First: Check whether the user is linked directly to the library; if the user is linked with a special link, the conditions defined in the special link security profile will be in effect; if the user is linked with an ordinary link, the conditions defined in the library security profile will be in effect. Second: Check whether the user is in a group which is linked to the library; if the user is contained in more than one group, these groups will be checked in the following order: first the "privileged groups" in the user's security profile will be checked in order of entry, then the other groups will be checked in alphabetical order; the first linked group found will be selected; if the group is linked with a special link, the conditions defined in the special link security profile will be in effect; if the group is linked with an ordinary link, the conditions defined in the library security profile will be in effect. |
2. | Check whether the terminal is in a group which is linked to the library; if the terminal is contained in more than one group, these groups will be checked in the following order: first the "privileged groups" in the terminal's security profile will be checked in order of entry, then the other groups will be checked in alphabetical order; the first linked group found will be selected; if that group is linked with a special link, the conditions defined in the special link security profile will be in effect; if that group is linked with an ordinary link, the conditions defined in the library security profile will be in effect. |
3. | If the user logs on with a user ID, the same checks as under 1. will be executed. If the user logs on without specifying a user ID, the same checks as under 2. will be executed. |
4. | The same checks as under 1. will be executed. Note: The terminal must be in a group which is linked to the library, but the conditions of use are determined by the user's link. |
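The check order above, modelled as an added Python example (it is not part of the Natural Security documentation or product code). It assumes the four sets of checks correspond to the People/Terminal combinations Y/N, N/Y, Y/Y and Y/A as those combinations are explained earlier in this section, and it covers only ordinary (LK) and special (SL) links; the `Principal` class, the `LINKS` mapping and all IDs are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Principal:
    """A user or terminal as defined to Natural Security (constructed model)."""
    id: str
    groups: set = field(default_factory=set)        # every group that contains it
    privileged: list = field(default_factory=list)  # "privileged groups", in order of entry

PROFILE = {"LK": "library profile", "SL": "special link profile"}

def group_order(p):
    # Privileged groups first (order of entry), then the rest alphabetically.
    return list(p.privileged) + sorted(p.groups - set(p.privileged))

def via_group(p, links):
    # The first linked group found is selected; later groups are never consulted.
    for g in group_order(p):
        if g in links:
            return g, PROFILE[links[g]]
    return None

def user_checks(user, links):
    # A direct link is checked before any group link.
    if user.id in links:
        return user.id, PROFILE[links[user.id]]
    return via_group(user, links)

def logon(people, terminal_prot, links, user=None, terminal=None):
    """Return (link ID, profile in effect), or None when the logon is rejected."""
    u = user_checks(user, links) if user else None
    t = via_group(terminal, links) if terminal else None
    combo = (people, terminal_prot)
    if combo == ("Y", "N"):
        return u
    if combo == ("N", "Y"):
        return t
    if combo == ("Y", "Y"):
        return u if user else t          # with a user ID: user checks; without: terminal checks
    if combo == ("Y", "A"):
        return u if (u and t) else None  # terminal must be linked; the user's link sets the conditions
    raise ValueError("combination not modelled in this example")

# Constructed sample data: IDs and link kinds are illustrative only.
LINKS = {"OPS": "LK", "AUDIT": "SL", "TERMGRP": "LK", "CAROL": "SL"}
ALICE = Principal("ALICE", {"AUDIT", "DEV", "OPS"}, ["OPS"])  # OPS is privileged, so it wins
BOB = Principal("BOB", {"AUDIT", "OPS"})                      # alphabetical order: AUDIT wins
CAROL = Principal("CAROL", {"OPS"})                           # direct special link beats the group
T1 = Principal("T1", {"TERMGRP"})
T2 = Principal("T2")

if __name__ == "__main__":
    for who in (ALICE, BOB, CAROL):
        print(who.id, logon("Y", "N", LINKS, user=who))
    print("Y/A from unlinked terminal:", logon("Y", "A", LINKS, user=ALICE, terminal=T2))
```

ALICE and BOB belong to the same two linked groups yet end up under different profiles, which is why the privileged-group order in a user's profile deserves review whenever a group is given a special link.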
When logged on to a library, a user may enter the Natural system command PROFILE to ascertain which conditions of use are currently in effect.
When you enter the PROFILE command, the Security Profile screen is displayed, showing the following information:
User | |
---|---|
ID | The user's ID. |
Name | The user's name. |
Type | The user type. |
Link ID | The current value of the Natural system variable *GROUP. An asterisk (*) next to the ID indicates that the group's/user's link to the current library is a Special Link. |
ETID | The current value of the Natural system variable *ETID. |
Library | |
ID | The ID of the current library. |
Name | The name of the current library. |
Steplibs | The steplibs of the current library. |
Transactions | |
Startup | The current value of the Natural system variable *STARTUP. |
Restart | The name of the restart transaction. |
Error | The current value of the Natural system variable *ERROR-TA. |
If you mark the field "Additional Options" on the Security Profile screen with "Y" or press PF4, a window will be displayed from which you can select the following items of information:
Security options
Security limits
Session parameters
Command restrictions
Editing restrictions
Statement restrictions
Time windows
System files
Natural version
The options where something is defined for the current user are marked with a plus sign (+).
You can select one or more items from the window by marking them with any character. For each item selected, an additional window/screen will be displayed (in the order of the items in the selection window).
If you press PF5, the NSC Utility Access Rights window will be displayed, providing an overview of the utility functions which you are allowed to use in each library.
If you have issued the PROFILE command from within a utility, the window lists the functions available in that utility.
If you have issued the PROFILE command elsewhere, the window lists all utilities along with information on whether some or all functions of a utility are allowed/disallowed for a specific library. (The notation <others> in the Library field of the window indicates all libraries for which nothing specific has been defined.) To obtain more detailed information on the utility functions allowed for a particular library, you can select one or more libraries from the window by marking them with any character.