Finding Your Way In Natural Security

This section provides information on handling Natural Security.


Invoking a Function

You can invoke Natural Security functions from within the Natural Security library SYSSEC or from outside of SYSSEC.

Within SYSSEC:

  • You can invoke a function by selecting it from a Natural Security menu or selection list.

  • You can invoke a function by issuing a direct command.

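Outside of SYSSEC:

  • You can invoke a function by issuing a direct command prefixed by SYSSEC (see Issuing a Command Outside of SYSSEC).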

Profile Security

Regardless of how you invoke a function, Natural Security's administrator/owner settings will always apply; that is, you can only apply functions to those security profiles you are allowed to maintain.

Functional Security

All SYSSEC-specific commands are defined in the command processor NSCCMD01. You can disallow Natural Security functions by disallowing the corresponding commands in NSCCMD01. For details on NSCCMD01, see the section Functional Security for Library SYSSEC.

If functions are disallowed in NSCCMD01, the corresponding menu items will not be visible on the Natural Security menus. This means that within SYSSEC you only see the functions you are allowed to use.

Aborting a Function

Do not use the Natural terminal command %% to abort a Natural Security function, as this may cause inconsistencies in your Natural Security data.

Pressing the ENTER Key

To tell Natural Security to perform a particular action, you enter the appropriate function code, command, etc. and then press the ENTER key.

So, if the Natural Security documentation tells you to "enter a function code", this means, "type in the function code and press ENTER".

If a function requires that you press another key, this is explicitly mentioned in the Natural Security documentation.

Help

To invoke online help for a Natural Security function:

  • you enter a question mark (?) as a function code on screens with a function code input field; or

  • you press PF1 on any Natural Security screen.

An explanation of a given screen and the information necessary to proceed will be displayed.

Note:
If certain items displayed on a Natural Security screen are not directly relevant for the execution of the function concerned, these items are not always explained in this documentation. In these cases, you will find the corresponding explanations in the online help.

Not Sure What to Enter?

If you are not sure what you can enter in an input field on a Natural Security menu or selection screen, enter an asterisk (*) in the field: a window will be displayed showing you all the possible values for the field; in the window, you can then select the desired value.

Handling a List

Selecting the Range of Objects to be Listed

When you invoke the Maintenance or Retrieval subsystem for a certain object type (user, library, etc.), a list of these objects will be displayed. Normally such a list will contain all objects.

For example, to list all users defined to Natural Security, you mark the object type User.

+-------------MAINTENANCE-------------+
!  Please select one type of object:  !
!                                     !
!  X User                             !
!  _ Application                      !
!  _ Library                          !
!  _ File                             !
!  _ Mailbox                          !
!  _ Utility                          !
!                                     !
!                                     !
!                                     !
! Start Value .. ________________     !
! Type/Status .. ____                 !
+-------------------------------------+

The contents of the above selection window may vary depending on the platform and the types of external objects available. If the list of object types exceeds the size of the window, you can use PF7 and PF8 to scroll within the window.

If you do not want a list of all objects but would like only certain objects to be listed, you may use the option Start Value.

For users, applications, libraries and files, you may also use the option Type/Status - either alone or in combination with the Start Value option. For other objects, only the Start Value option is available.

Start Value

In this field you may enter a start value, which may consist of one or more characters, or of one or more characters followed by an asterisk (*). The option to enter a value followed by an asterisk is referred to as asterisk notation throughout the Natural Security documentation.

For example, to list all users, starting from the first user whose ID begins with "TOM", you mark the object type User and enter the following:

Start Value .. TOM

For example, to list only those users whose IDs begin with "TOM", you mark the object type User and enter the following:

Start Value .. TOM*

Type/Status

In this field you may enter a user type, application type, library protection status, or (on mainframes) a file status.

User Type

User type may be one of the following:

G   Group
M   Member
P   Person
A   Administrator
T   Terminal
B   Batch User

Library Protection Status

Library protection status may be one of the following:

NN   Not protected.
LN   Not protected, but linkable for one group.
YN   People-protected only.
NY   Terminal-protected only.
YY   People- or terminal-protected.
YA   People- and terminal-protected.
PN   For private libraries: same as YN.
PY   For private libraries: same as YY.
PA   For private libraries: same as YA.

(The above protection combinations are explained in the section Protecting Libraries.)

File Status

File status may be one of the following:

PRIV   Private.
ACCE   Access.
PUBL   Public.
UNDF   Undefined; that is, DDMs for which no file security profiles have been created (*).
DEFI   Defined; that is, all PRIV, ACCE, and PUBL files (*).
NDDM   File security profiles for which no DDMs exist (*).
DDM    All PRIV, ACCE, PUBL and UNDF files (*).

* This is not an actual file status, but for selection purposes only.

If you do not select a file status, all PRIV, ACCE, and PUBL files will be listed.

Application Type

Application type may be one of the following:

B or BASE   Base applications.
C or COMP   Compound applications.

If you do not select an application type, both base and compound applications will be listed.

Example 1 - Type/Status option:

To list all users of user type "Member", you mark the object type User and enter the following:

Type/Status .. M

Example 2 - Combining Start Value and Type/Status:

To list only users of user type "Member" whose IDs begin with "T", you mark the object type User and enter the following:

Start Value .. T*
Type/Status .. M

Scrolling a List

Once a list of objects is displayed, you may scroll it backwards and forwards in the following manner:

  • To scroll a list one page forward, you press PF8 (+).

  • To scroll a list one page backward, you press PF7 (-).

  • To scroll a list to its beginning, you press PF19 (- -).

  • To scroll a list to a specified start value, you may use the intensified field above the IDs, in the same way as described above for the Start Value field.

  • For a list of users or applications, you can also use the intensified field above the Type column in the same way as described above for the Type/Status field. For a list of libraries, the same is true for the field above the Protection Status column. These fields display the currently valid type/status selection criterion.

11:38:39                    *** NATURAL SECURITY ***                 2015-12-31
                              - User Maintenance -                             
                                                                              
Co User ID  User Name                        Type Message                      
__ ________ ________________________________ ____ _____________________        
__ AAZ      ABDUL ALHAZRED                   A                               
__ AD       ARTHUR DENT                      A                                 
__ AH       ALICE HARGREAVES                 M                                 
__ ER       ELLEN RIPLEY                     M                                 
__ LL       LOCKE LAMORA                     M                                 
__ TN       THURSDAY NEXT                    A                                 
__ VV       VINCENT VEGA                     P
                                                                             

Selecting an Object from a List

To select an object from a list for a function, you simply type in the appropriate function code for the function next to the object in the left-hand column (entitled Co) of a selection screen.

If you do not remember the function code for the function you wish to perform, enter an asterisk (*) in the Co column. A window will be displayed which shows all the function codes available; in the window, you can then select the desired function code.

Direct Commands

General Command Information

Once you are familiar with Natural Security and know how to find your way from menu to menu, you may be interested in invoking the function you want directly. This is done by using direct commands.

You can enter a direct command on any Natural Security screen which provides a command line:

Command ===>
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      Help        Exit                                                  Canc   

If you enter a direct command which is invalid, you will receive an appropriate error message. If you enter a command which is incomplete, you will be prompted to specify the missing item(s).

After a function invoked by a direct command has been executed, the screen from which that function would "normally" be invoked will be displayed - not the screen on which the command had been entered.

There are three types of direct commands:

Commands to Invoke a Function

General Command Syntax

Generally, a direct command which is used to invoke a function consists of the following components, which you specify in the following order:

function  object-type  object-ID  parameters

First, you specify a function. Possible functions are:

ADD       Add security profile.
COPY      Copy security profile.
MODIFY    Modify security profile.
RENAME    Rename security profile.
DELETE    Delete security profile.
DISPLAY   Display security profile.
EDIT      Edit group members.
LINK      Link object to another object.
XREF      Cross-reference object.

After the function, you specify an object-type (for example, USER, LIBRARY).

After the object type, you can specify an object-ID (for example, a user ID or library ID).

After the ID, you can specify one or more parameters (for example, a user type).

Parameters for Security-Profile Components

For the functions DISPLAY and MODIFY, several parameters are available which allow you to directly access those components of a security profile which are not on the main security-profile screen, but on one of the profile's Additional Options screens. These are:

For all object-types:

Parameter    Security-Profile Component
DIR          Maintenance Information.
NOTES        Security Notes.
OWNERS       Owners.

For object-type USER:

Parameter    Security-Profile Component
MAILBOXES    Mailboxes.
ACTIVATION   Activation Dates.
FUNCSEC      Functional Security.
PRIVLIB      Private Library (only for user types A and P).
SESSION      Session Options (only for user types A and P).

For object-type LIBRARY:

Parameter    Security-Profile Component
MAILBOXES    Mailboxes.
TIMEW        Time Windows.
STEPLIBS     Steplibs.
FUNCSEC      Functional Security.
USEREXIT     User Exit.
OPTIONS      Security Options.
LIMITS       Security Limits.
PARAMETERS   Session Parameters.
RPC          Natural RPC Restrictions.
COMMANDS     Command Restrictions.
EDITORS      Editing Restrictions.
STATEMENTS   Statement Restrictions.
MODULES      Disallow/Allow Modules.
DDMSTATUS    Set Status of DDMs.

Abbreviating a Command

You may abbreviate the function component of a direct command as you please, as long as the abbreviation uniquely identifies the function.

You may abbreviate the object-type component of a direct command to 2 characters.

Examples:

DISPLAY USER ADE   This command causes the security profile of user "ADE" to be displayed.

DISPLAY US ADE
DIS USER ADE
DI US ADE          Each of these three commands also causes the security profile of user "ADE" to be displayed.

DE US ADE          This command invokes the Delete function for user "ADE".

D US AE            This command is invalid, because D does not uniquely identify a function; it could stand for DISPLAY or DELETE.

Several Natural system commands are available within Natural Security; they must also be taken into consideration as far as the unique identification of a function is concerned.

Command Examples

ADD                  If you enter this command on a Maintenance selection list, the Add function for that type of object will be invoked. If you enter it somewhere else, the command is incomplete, because no object type was specified.
ADD US               The Add User window will be invoked for you to enter a user ID and user type.
ADD US CMOT          The Add User window will be invoked for you to enter a user type.
ADD US CMOT M ANKH   The Add User screen for user "CMOT" of user type "Member", using default profile "ANKH" as the basis of the user profile to be created, will be invoked for you to define the user.
MODIFY               This command is incomplete, because no object type was specified after the function.
MODIFY LIB           This command displays the Library Maintenance selection list, as no library ID was specified.
MOD LIB BOOKS        The security profile of library "BOOKS" will be displayed for modification.
CO US ESME           The Copy User window will be displayed for you to enter the user ID of the new user.
CO US ESME OGG       The Copy User screen for user "OGG" will be invoked with the security profile of user "ESME" copied into the security profile of user "OGG". The copying is without links.
CO US ESME OGG Y     The Copy User screen for user "OGG" will be invoked with the security profile of user "ESME" copied into the security profile of user "OGG". The copying is with links.
EDIT US DOC          Invokes the Edit Group Members function for the group "DOC".
XREF MAIL MAIL1      Invokes the Cross-Reference function for mailbox "MAIL1".
LK LI ODDS US        The Link Users To Library screen will be invoked for users to be linked to library "ODDS"; the list will contain all users.
LINK US IW LI        The Link User To Libraries screen will be invoked for user "IW" to be linked to libraries; the list will contain all libraries.

Commands to Invoke a Selection List

The following commands can be used to invoke a selection list:

Command
    Function

MAINTENANCE object-type object-ID parameters

    If you specify only the command itself, the object selection window for maintenance functions will be displayed.

    If you specify an object-type after the command, the maintenance selection list for that type of object will be displayed.

    If you specify an object-type and an object-ID after the command, the maintenance selection list for that type of object will be displayed, and the object-ID will be used as start value for the list.

    After the object-ID, you can specify one or more parameters (for example, user type) as further selection criteria for the maintenance selection list to be displayed.

RETRIEVAL object-type object-ID parameters

    If you specify only the command itself, the object selection window for retrieval functions will be displayed.

    In the same manner as for the MAINTENANCE command (see above), you can specify an object-type, object-ID and parameters with this command.

Special Commands

Apart from commands which invoke a particular function or selection list (as described above), and several Natural system commands (which are described in the Natural System Commands documentation), the following special commands are available (underlining indicates the shortest abbreviation possible):

Command      Function
ADMIN        Invokes the Administrator Services Menu.
ADMIN_A      Invokes the Administrator Services function General NSF Options (only available with Natural SAF Security).
ADMIN_B      Invokes the Administrator Services function Authentication Options.
ADMIN_D      Invokes the Administrator Services function Library And User Preset Values.
ADMIN_E      Corresponds to the command ERROR.
ADMIN_G      Invokes the Administrator Services function Set General Options.
ADMIN_I      Invokes the Administrator Services function Application Programming Interfaces.
ADMIN_L      Corresponds to the command LOGREC.
ADMIN_N      Invokes the Administrator Services function Maintenance Log Records.
ADMIN_P      Invokes the Administrator Services function Set PF-Keys.
ADMIN_S      Invokes the Administrator Services function Definition of System Libraries.
ADMIN_U      Invokes the Administrator Services function User Default Profiles.
ADMIN_X      Invokes the Administrator Services function Utility Defaults/Templates.
ADMIN_Y      Invokes the Administrator Services function Library Default Profiles.
ADMIN_1      Invokes the Administrator Services function Environment Profiles.
ADMIN_2      Invokes the Administrator Services function SAF Online Services.
ADMIN_3      Invokes the Administrator Services function Definition of Undefined Libraries.
CUSTOM1 CUSTOM2 CUSTOM3 CUSTOM4 CUSTOM5
             These commands invoke Natural programs of the same names. You can write your own programs of these names to perform whatever functions you require; this allows you to invoke such functions from within Natural Security.
ERRDEL       Deletes all logon/countersign error records (see also Direct Command ERRDEL in the section Administrator Services).
ERROR        Invokes the Logon/Countersign Errors Menu.
LOGDEL       Deletes all logon records (see also Deleting All Logon Records - Direct Command LOGDEL in the section Administrator Services).
LOGFILE      Invokes the Administrator Services function Log File Maintenance.
LOGREC       Invokes the Logon Records Menu.
MENU         Invokes the Natural Security Main Menu.
. (period)   Terminates the given processing level and displays the screen of the next higher processing level (the same as PF3).

Issuing a Command Outside of SYSSEC

You can also issue a Natural Security direct command from outside of the Natural Security library SYSSEC. This allows you to perform a Natural Security function from anywhere in your Natural session without having to log on to the library SYSSEC.

To do so, you enter the direct command - prefixed by SYSSEC - in the Natural command line.

For example:

SYSSEC MOD LIB XYZ

When you leave the screen invoked by the direct command, you will be returned to the Natural screen from which you have issued the command.

Note:
When you issue a direct command which invokes a function, you have to specify the full command, that is, you must not omit any command component necessary to invoke the actual function (and not only a selection screen or start-value window). For example, the command COPY USER ABC would be incomplete, because the new user ID is missing.
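
The abbreviation rules under Abbreviating a Command and the completeness rule for commands prefixed by SYSSEC can be applied mechanically, for instance when reviewing command strings kept in operator scripts. The following Python sketch is an added example, not part of the Natural Security product or its documentation. It assumes an abbreviation is a leading prefix of the keyword (so "LK" from the command examples is reported as unresolved), knows only the object-types USER and LIBRARY, and takes competing Natural system commands as a caller-supplied list; `candidates` and `normalize` are hypothetical names.

```python
FUNCTIONS = ("ADD", "COPY", "MODIFY", "RENAME", "DELETE",
             "DISPLAY", "EDIT", "LINK", "XREF")   # functions listed in this section
OBJECT_TYPES = ("USER", "LIBRARY")   # only the keywords this section spells out
SPECIAL_DELETES = ("ERRDEL", "LOGDEL")   # special commands that delete records


def candidates(token, keywords, min_len=1):
    """Keywords that `token` may stand for (assumption: prefix abbreviation)."""
    token = token.upper()
    if len(token) < min_len:
        return []
    if token in keywords:          # assumption: a full keyword is never ambiguous
        return [token]
    return [k for k in keywords if k.startswith(token)]


def normalize(command, system_commands=()):
    """Return (status, canonical_text, needs_review) for one direct command."""
    parts = command.upper().split()
    outside = parts[:1] == ["SYSSEC"]   # issued from outside library SYSSEC
    if outside:
        parts = parts[1:]
    if not parts:
        return ("incomplete", "", False)
    if parts[0] in SPECIAL_DELETES:     # matched by full name only
        return ("ok", parts[0], True)
    # System commands compete with the functions for unique identification.
    funcs = candidates(parts[0], FUNCTIONS + tuple(system_commands))
    if len(funcs) != 1:
        return ("ambiguous" if funcs else "unresolved", "/".join(funcs), False)
    if funcs[0] not in FUNCTIONS:
        return ("system-command", funcs[0], False)
    if len(parts) == 1:                 # no object type after the function
        return ("incomplete", funcs[0], False)
    types = candidates(parts[1], OBJECT_TYPES, min_len=2)
    if len(types) != 1:
        return ("unresolved", funcs[0], False)
    canonical = " ".join([funcs[0], types[0]] + parts[2:])
    # Outside SYSSEC the command must be complete: an object-ID is needed,
    # and COPY also needs the new ID (the two cases this section shows).
    needed = 4 if funcs[0] == "COPY" else 3
    if outside and len(parts) < needed:
        return ("incomplete", canonical, False)
    return ("ok", canonical, funcs[0] == "DELETE")


if __name__ == "__main__":
    # Constructed sample commands, modelled on the examples in this section.
    for cmd in ["DI US ADE", "D US ADE", "DE US ADE", "SYSSEC MOD LIB XYZ",
                "SYSSEC COPY USER ABC", "LOGDEL", "LK LI ODDS US"]:
        print(f"{cmd!r:26} -> {normalize(cmd)}")
```

The third element of the result marks commands this section describes as deleting data (DELETE, ERRDEL, LOGDEL) so they can be routed for review. Passing a system command name in `system_commands` shows how an otherwise unique abbreviation becomes ambiguous.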