This section provides information on handling Natural Security. It covers the following topics:
You can invoke Natural Security functions from within the Natural
Security library SYSSEC
or from outside of
SYSSEC
.
Within SYSSEC
:
You can invoke a function by selecting it from a Natural Security menu or selection list.
You can invoke a function by issuing a direct command.
Outside of SYSSEC
:
You can invoke a function via one of the application programming interfaces provided.
You can invoke a function by issuing a direct command.
Regardless of how you invoke a function, Natural Security's administrator/owner settings will always apply; that is, you can only apply functions to those security profiles you are allowed to maintain.
All SYSSEC
-specific commands are defined in the command
processor NSCCMD01
. You can disallow Natural Security functions by
disallowing the corresponding commands in NSCCMD01
. For details on
NSCCMD01
, see the section
Functional
Security for Library SYSSEC.
If functions are disallowed in NSCCMD01
, the corresponding
menu items will not be visible on the Natural Security menus. This means that
within SYSSEC
you only see the functions you are allowed to
use.
Do not use the Natural terminal command
%%
to abort a Natural Security function, as this may
cause inconsistencies in your Natural Security data.
To tell Natural Security to perform a particular action, you enter the appropriate function code, command, etc. and then press the ENTER key.
So, if the Natural Security documentation tells you to "enter a function code", this means, "type in the function code and press ENTER".
If a function requires that you press another key, this is explicitly mentioned in the Natural Security documentation.
To invoke online help for a Natural Security function:
you enter a question mark (?) as a function code on screens with a function code input field; or
you press PF1 on any Natural Security screen.
An explanation of a given screen and the information necessary to proceed will be displayed.
Note:
If certain items displayed on a Natural Security screen are not
directly relevant for the execution of the function concerned, these items are
not always explained in this documentation. In these cases, you will find the
corresponding explanations in the online help.
If you are not sure what you can enter in an input field on a Natural Security menu or selection screen, enter an asterisk (*) in the field: a window will be displayed showing you all the possible values for the field; in the window, you can then select the desired value.
This section covers the following topics:
When you invoke the Maintenance or Retrieval subsystem for a certain object type (user, library, etc.), a list of these objects will be displayed. Normally such a list will contain all objects.
For example, to list all users defined to Natural Security, you mark the object type User.
+-------------MAINTENANCE-------------+ ! Please select one type of object: ! ! ! ! X User ! ! _ Application ! ! _ Library ! ! _ File ! ! _ Mailbox ! ! _ Utility ! ! ! ! ! ! ! ! Start Value .. ________________ ! ! Type/Status .. ____ ! +-------------------------------------+ |
The contents of the above selection window may vary depending on the platform and the types of external objects available. If the list of object types exceeds the size of the window, you can use PF7 and PF8 to scroll within the window.
If you do not want a list of all objects but would like only certain objects to be listed, you may use the option Start Value.
For users, applications, libraries and files, you may also use the option Type/Status - either alone or in combination with the Start Value option. For other objects, only the Start Value option is available.
In this field you may enter a start value, which may consist of one or more characters, or of one or more characters followed by an asterisk (*). The option to enter a value followed by an asterisk is referred to as asterisk notation throughout the Natural Security documentation.
For example, to list all users, starting from the first user whose ID begins with "TOM", you mark the object type User and enter the following:
Start Value .. TOM
For example, to list only those users whose IDs begin with "TOM", you mark the object type User and enter the following:
Start Value .. TOM*
In this field you may enter a user type, application type, library protection status, or (on mainframes) a file status.
User type may be one of the following:
G |
Group |
M |
Member |
P |
Person |
A
|
Administrator |
T |
Terminal |
B
|
Batch User |
Library protection status may be one of the following:
NN |
Not protected. |
LN |
Not protected, but linkable for one group. |
YN
|
People-protected only. |
NY
|
Terminal-protected only. |
YY
|
People- or terminal-protected. |
YA
|
People- and terminal-protected. |
PN
|
For private libraries: same as YN .
|
PY
|
For private libraries: same as YY .
|
PA
|
For private libraries: same as YA .
|
(The above protection combinations are explained in the section Protecting Libraries.)
File status may be one of the following:
PRIV |
Private. |
ACCE |
Access. |
PUBL |
Public. |
UNDF |
Undefined; that is, DDMs for which no file security profiles have been created (*). |
DEFI |
Defined; that is, all PRIV , ACCE ,
and PUBL files (*).
|
NDDM |
File security profiles for which no DDMs exist (*). |
DDM |
All PRIV , ACCE , PUBL
and UNDF files (*)
|
* This is not an actual file status, but for selection purposes only.
If you do not select a file status, all PRIV
,
ACCE
, and PUBL
files will be listed.
Application type may be one of the following:
B or BASE |
Base applications. |
C or COMP |
Compound applications. |
If you do not select an application type, both base and compound applications will be listed.
To list all users of user type "Member", you mark the object type User and enter the following:
Type/Status .. M
To list only users of user type "Member" whose IDs begin with "T", you mark the object type User and enter the following:
Start Value .. T* Type/Status .. M
Once a list of objects is displayed, you may scroll it backwards and forwards in the following manner:
To scroll a list one page forward, you press PF8 (+).
To scroll a list one page backward, you press PF7 (-).
To scroll a list to its beginning, you press PF19 (- -).
To scroll a list to a specified start value, you may use the intensified field above the IDs, in the same way as described above for the Start Value field.
For a list of users or applications, you can also use the intensified field above the Type column in the same way as described above for the Type/Status field. For a list of libraries, the same is true for the field above the Protection Status column. These fields display the currently valid type/status selection criterion.
11:38:39 *** NATURAL SECURITY *** 2016-12-31 - User Maintenance - Co User ID User Name Type Message __ ________ ________________________________ ____ _____________________ __ AAZ ABDUL ALHAZRED A __ AD ARTHUR DENT A __ AH ALICE HARGREAVES M __ ER ELLEN RIPLEY M __ LL LOCKE LAMORA M __ TN THURSDAY NEXT A __ VV VINCENT VEGA P |
To select an object from a list for a function, you simply type in the appropriate function code for the function next to the object in the left-hand column (entitled Co) of a selection screen.
If you do not remember the function code for the function you wish to perform, enter an asterisk (*) in the Co column. A window will be displayed which shows all the function codes available; in the window, you can then select the desired function code.
This section covers the following topics
Once you are familiar with Natural Security and know how to find your way from menu to menu, you may be interested in invoking the function you want directly. This is done by using direct commands.
You can enter a direct command on any Natural Security screen which provides a command line:
Command ===> Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12--- Help Exit Canc |
If you enter a direct command which is invalid, you will receive an appropriate error message. If you enter a command which is incomplete, you will be prompted to specify the missing item(s).
After a function invoked by a direct command has been executed, the screen from which that function would "normally" be invoked will be displayed - not the screen on which the command had been entered.
There are three types of direct commands:
Generally, a direct command which is used to invoke a function consists of the following components, which you specify in the following order:
function object-type object-ID parameters
First, you specify a function. Possible functions are:
ADD |
Add security profile. |
COPY |
Copy security profile. |
MODIFY |
Modify security profile. |
RENAME |
Rename security profile. |
DELETE |
Delete security profile. |
DISPLAY |
Display security profile. |
EDIT |
Edit group members. |
LINK |
Link object to another object. |
XREF |
Cross-reference object. |
After the function, you specify an
object-type (for example, USER
,
LIBRARY
).
After the object type, you can specify an object-ID (for example, a user ID or library ID).
After the ID, you can specify one or more parameters (for example, a user type).
For the functions DISPLAY
and MODIFY
,
several parameters are available which allow you to
directly access those components of a security profile which are not on the
main security-profile screen, but on one of profile's Additional
Options screens. These are:
For all object-types:
Parameter | Security-Profile Component |
---|---|
DIR |
Maintenance Information. |
NOTES |
Security Notes. |
OWNERS |
Owners. |
For object-type USER
:
Parameter | Security-Profile Component |
---|---|
MAILBOXES |
Mailboxes. |
ACTIVATION |
Activation Dates. |
FUNCSEC |
Functional Security. |
PRIVLIB |
Private Library (only for user types A and P). |
SESSION |
Session Options (only for user types A and P). |
For object-type LIBRARY
:
Parameter | Security-Profile Component |
---|---|
MAILBOXES |
Mailboxes. |
TIMEW |
Time Windows. |
STEPLIBS |
Steplibs. |
FUNCSEC |
Functional Security. |
USEREXIT |
User Exit. |
OPTIONS |
Security Options. |
LIMITS |
Security Limits. |
PARAMETERS |
Session Parameters. |
RPC |
Natural RPC Restrictions. |
COMMANDS |
Command Restrictions. |
EDITORS |
Editing Restrictions. |
STATEMENTS |
Statement Restrictions. |
MODULES |
Disallow/Allow Modules. |
DDMSTATUS |
Set Status of DDMs. |
You may abbreviate the function component of a direct command as you please, as long as the abbreviation uniquely identifies the function.
You may abbreviate the object-type component of a direct command to 2 characters.
DISPLAY USER ADE
|
This command causes the security profile of user "ADE" to be displayed. |
---|---|
DISPLAY US ADE DIS
USER ADE DI US ADE |
Each of these three commands also causes the security profile of user "ADE" to be displayed. |
DE US ADE |
This command invokes the Delete function for user "ADE". |
D US AE |
This command is invalid, because D does
not uniquely identify a function; it could stand for DISPLAY or
DELETE .
|
Several Natural system commands are available within Natural Security; they must also be taken into consideration as far as the unique identification of a function is concerned.
ADD |
If you enter this command on a Maintenance selection list, the Add function for that type of object will be invoked. If you enter it somewhere else, the command is incomplete, because no object type was specified. |
---|---|
ADD US |
The Add User window will be invoked for you to enter a user ID and user type. |
ADD US CMOT
|
The Add User window will be invoked for you to enter a user type. |
ADD US CMOT M ANKH
|
The Add User screen for user "CMOT" of user type "Member", using default profile "ANKH" as the basis of the user profile to be created, will be invoked for you to define the user. |
MODIFY
|
This command is incomplete, because no object type was specified after the function. |
MODIFY
LIB
|
This command displays the Library Maintenance selection list, as no library ID was specified. |
MOD LIB
BOOKS |
The security profile of library "BOOKS" will be displayed for modification. |
CO US ESME
|
The Copy User window will be displayed for you to enter the user ID of the new user. |
CO US ESME OGG
|
The Copy User screen for user "OGG" will be invoked with the security profile of user "ESME" copied into the security profile of user "OGG". The copying is without links. |
CO US ESME OGG Y
|
The Copy User screen for user "OGG" will be invoked with the security profile of user "ESME" copied into the security profile of user "OGG". The copying is with links. |
EDIT US
DOC |
Invokes the Edit Group Members function for the group "DOC". |
XREF MAIL MAIL1
|
Invokes the Cross-Reference function for mailbox "MAIL1". |
LK LI ODDS
US |
The Link Users To Library screen will be invoked for users to be linked to library "ODDS"; the list will contain all users. |
LINK US IW LI
|
The Link User To Libraries screen will be invoked for user "IW" to be linked to libraries; the list will contain all libraries. |
The following commands can be used to invoke a selection list:
Command | Function |
---|---|
MAINTENANCE
object-type object-ID parameters
|
If you specify only the command itself, the object selection
window for maintenance functions will be displayed.
If you specify an object-type after the command, the maintenance selection list for that type of object will be displayed. If you specify an object-type and an object-ID after the command, the maintenance selection list for that type of object will be displayed, and the object-ID will be used as start value for the list. After the object-ID, you can specify one or more parameters (for example, user type) as further selection criteria for the maintenance selection list to be displayed. |
RETRIEVAL
object-type object-ID parameters
|
If you specify only the command itself, the object selection
window for retrieval functions will be displayed.
In the same manner as for the
|
Apart from commands which invoke a particular function or selection list (as described above), and several Natural system commands (which are described in the Natural System Commands documentation), the following special commands are available (underlining indicates the shortest abbreviation possible):
Command | Function |
---|---|
ADMIN
|
Invokes the Administrator Services Menu. |
ADMIN_A |
Invokes the Administrator Services function General NSF Options (only available with Natural SAF Security). |
ADMIN_B |
Invokes the Administrator Services function Authentication Options. |
ADMIN_D |
Invokes the Administrator Services function Library And User Preset Values. |
ADMIN_E |
Corresponds to the command
ERROR .
|
ADMIN_G |
Invokes the Administrator Services function Set General Options. |
ADMIN_I |
Invokes the Administrator Services function Application Programming Interfaces. |
ADMIN_L |
Corresponds to the command
LOGREC .
|
ADMIN_N |
Invokes the Administrator Services function Maintenance Log Records. |
ADMIN_P |
Invokes the Administrator Services function Set PF-Keys. |
ADMIN_S |
Invokes the Administrator Services function Definition of System Libraries. |
ADMIN_U |
Invokes the Administrator Services function User Default Profiles. |
ADMIN_X |
Invokes the Administrator Services function Utility Defaults/Templates. |
ADMIN_Y |
Invokes the Administrator Services function Library Default Profiles. |
ADMIN_1 |
Invokes the Administrator Services function Environment Profiles. |
ADMIN_2 |
Invokes the Administrator Services function SAF Online Services. |
ADMIN_3 |
Invokes the Administrator Services function Definition of Undefined Libraries. |
CUSTOM1
CUSTOM2 CUSTOM3
CUSTOM4 CUSTOM5 |
These commands invoke Natural programs of the same names. You can write your own programs of these names to perform whatever functions you require; this allows you to invoke such functions from within Natural Security. |
ERRDEL |
Deletes all logon/countersign error records (see also Direct Command ERRDEL in the section Administrator Services). |
ERROR |
Invokes the Logon/Countersign Errors Menu. |
LOGDEL |
Deletes all logon records (see also Deleting All Logon Records - Direct Command LOGDEL in the section Administrator Services). |
LOGFILE |
Invokes the Administrator Services function Log File Maintenance. |
LOGREC |
Invokes the Logon Records Menu. |
MENU |
Invokes the Natural Security Main Menu. |
. (period)
|
Terminates the given processing level and displays the screen of the next higher processing level (the same as PF3). |
You can also issue a Natural Security direct command from outside of
the Natural Security library SYSSEC
. This allows you to perform a
Natural Security function from anywhere in your Natural session without having
to log on to the library SYSSEC
.
To do so, you enter the direct command - prefixed by
SYSSEC
- in the Natural command line.
For example:
SYSSEC MOD LIB XYZ
When you leave the screen invoked by the direct command, you will be returned to the Natural screen from which you have issued the command.
Note:
When you issue a direct command which invokes a function, you have
to specify the full command, that is, you must not omit any command component
necessary to invoke the actual function (and not only a selection screen or
start-value window). For example, the command COPY USER ABC
would
be incomplete, because the new user ID is missing.