NAF - NATSPOOL and Natural Security

This Dokument describes the Natural Security features supported by Natural Advanced Facilities and how these features can be used.


User Types

Under Natural Security, there are three types of Natural Advanced Facilities users:

System Administrators

A NATSPOOL system administrator is either an owner of the library SYSPOOL, as defined in Natural Security, or, if no owner has been defined for SYSPOOL, a user defined as administrator (user type A) in Natural Security.

System administrators can access all NATSPOOL functions, unless certain restrictions have been imposed within NATSPOOL itself.

Group Administrators

If any owners are defined in Natural Security for library SYSPOOL, users defined as administrators (user type A) but not defined as owners are group administrators.

Group administrators can perform administrative functions, too, but only within the group(s) they belong to. The Natural Security administrator must define valid group IDs and define which users are members of which groups by using the User Maintenance functions of Natural Security (see the Natural Security documentation). The group administrator must be a member of the corresponding group(s).

End-Users

End-users are users who are neither defined as system administrators nor as group administrators.

User-Type-Dependent Menus

Depending on which user type invokes NATSPOOL with startup program MENU, different menus are displayed.

Menu for System Administrators

Time 12:31:03        *** Natural Spool Administration ***      Date 2002-10-17 
User SAG                            M e n u                    File 7/411      
                                                                               
      Administration                            Information                    
                                                                               
      10 Reports/Queues                         20 Cross-Reference             
      11 Devices                                21 Statistics                  
      12 Abstracts                              22 Look at Spool File          
      13 Applications                           23 CALLNAT Handling            
      14 Change Spool File                                                     
                                                                               
                                                                               
      Maintenance                               Control Functions              
                                                                               
      30 Spool File Properties                  40 Check Spool File            
      31 Objects                                41 Logging Data                
      32 Mass Update                            42 Create Test Reports         
      33 Hardcopy Allocations                   43 Delete Reports by Date      
      34 Transfer Objects                                                      
                                                                               
Enter function, mark with cursor, or press a PF-key.                           
Command ===>                                                                   
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      Help        Exit  Repor Devic Flip  Abstr Appli Cross Stati Look  Canc   

The NATSPOOL menu for system administrators under Natural Security corresponds to the NATSPOOL menu without Natural Security.

If Natural Security has not been installed, all users of Natural Advanced Facilities are system administrators.

Menu for Group Administrators or End-Users

For users defined as group administrators or end-users, the NATSPOOL menu provides only a subset of the functions available for the system administrator.

Time 12:34:25        *** Natural Spool Administration ***      Date 2002-10-17 
User SAG                            M e n u                    File 7/411      
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                           10  Reports/Queues                                   
                           11  Devices                                          
                           12  Abstracts                                        
                           13  Applications                                     
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
 Enter function, mark with cursor, or press a PF-key.                           
 Command ===>                                                                   
 Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
       Help        Exit  Repor Devic       Abstr Appli                          

When accessing objects, such, as printers or reports, the corresponding subfunctions are restricted. The restrictions imposed by Natural Security can be further restricted by NATSPOOL itself.

SPOOL Parameter in Library Security Profile

If Natural Security is installed, it is possible to use different NATSPOOL user profiles for different libraries without leaving the Natural session. This is accomplished by entering a SPOOL parameter (a user profile name) in the SPOOL profile field in the library security profile in Natural Security.

The user profile specified in the SPOOL parameter of the library security profile should contain the same number of printers as used for the NTPRINT macro or PRINT parameter. At the beginning of a Natural session, Natural executes a GETMAIN (REQM) for the number of printers specified. If the default is 3 (for example, NTPRINT (1-3),AM=NAF) and a library which has a user profile with 4 printers specified is accessed, only 3 can be used. This is because GETMAIN (REQM) is only executed at the beginning of the Natural session.

At logon time it is checked whether a SPOOL parameter has been specified for the library. A blank value for the SPOOL parameter causes the usage of the user profile which was activated at the start of the Natural session. If the SPOOL parameter is different from the previous one, the corresponding logical printers are re-initialized.

The maximum number of logical printers contained in the NTPRINT macro or PRINT parameter at Natural startup time is taken into account. Therefore, during the initialization by using the user profile specified with Natural Security, there are three possibilities as to how many printer profiles will be changed:

  • If the new number of logical printers is equal to the old number of logical printers, all logical printers will be re-initialized.

  • If the new number of logical printers is less than the old number of logical printers, only the new number of logical printers will be re-initialized. All the other logical printers will be deleted.

  • If the new number of logical printers is greater than the old number of logical printers, all numbers of logical printers will be initialized.

Any attempt to write to a printer which has a number greater than those initialized results in error message NAT0361 (printer number not allocated).

Restriction of NATSPOOL Functions

Usage of the functions provided on the NATSPOOL menu can be restricted by disallowing the appropriate Natural modules in the library security profile of library SYSPOOL.

The modules can be restricted on a global basis by modifying the library security profile of SYSPOOL. Further control can be exercised on an individual basis by defining individual special links to SYSPOOL for individual users.

The NATSPOOL functions are contained in the following Natural modules:

NATSPOOL Function Function Code Natural Module
Reports/Queues 10 SPPREP*
Devices 11 SPPPSE*
Abstracts 12 SPPSES*
Applications 13 SPPAPC*
Change Spool File 14 SPPCSF*
Entire Output Management 15 SPPEOM01
Cross-Reference 20 SPPCR*
Statistics 21 SPPSTA*
Look at Spool File 22 SPPLOO*
CALLNAT Handling 23 SPPUSP*
Layout of Spool File 30 SPPFIL*
SPPFOR*
Objects 31 SPPUSE*
SPPSEL01
SPPHCO01
Mass Update 32 SPPMA*
Hardcopy Allocations 33 SPPHC*
Transfer Objects 34 SPPTRF*
Check Spool File 40 SPPCHE*
Logging Data 41 SPPLGG*
Create Test Report(s) 42 SPPTREP*
Delete Reports by Date 43 SPPRBT*

NATSPOOL-Internal Security

Regardless of whether Natural Security is installed, the following NATSPOOL internal security features apply:

Report Protection

Reports can be protected both when being displayed in online mode and when being printed. See Function 31.2.

Object Protection

Objects can be protected both when being modified or used. See Function 31.7.