This section covers the following topics:
Before you use Natural Security in batch mode, you should be familiar with the general considerations concerning the use of Natural in batch mode as described in the Natural Operations documentation.
Please also observe the batch-mode particularities of the underlying operating system.
If you want to process a job in batch mode under Natural Security, the
Natural system variable *DEVICE
must be set to
BATCH
.
This section contains information on:
When you use Natural Security in batch mode, the logon procedure is
started automatically. Input for the LOGON
command
must be provided as follows:
%* library-ID,user-ID,password
library-ID user-ID %* password
In forms mode, the library-ID must be 8 bytes long; if it is less than 8 characters long, the remaining bytes must be filled with blanks.
The input mode on mainframes is set with the Natural profile parameter
IM
(see Natural
Parameter Reference documentation).
The specification of %*
prevents the password from being
printed.
If the logon procedure is to be initialized via dynamic parameters, the
LOGON
command must be specified with the profile
parameter STACK
as follows:
STACK=(LOGON library-ID user-ID password)
If no input data are specified for the LOGON
command, the Natural batch session will be terminated.
Note:
Under Windows in batch mode, the map LOGONM1
instead
of the dialog box GLOGONM1
is displayed as logon screen.
To change the password in batch mode, input for the
LOGON
command must be provided as follows:
%* library-ID,user-ID,password,new-password %* ,,,new-password
library-ID user-ID %* password new-password %* new-password
For forms mode, library-ID and password must be 8 bytes long; if they are shorter, the remaining bytes must be filled with blanks. The new-password in the last line must be preceded by 8 blanks.
If you use automatic logon (Natural profile parameter
AUTO=ON
) in batch mode, the value of the Natural system variable
*INIT-USER
will be taken as user ID. By default,
*INIT-USER
in batch mode contains the name of the batch job under
which the Natural session. A user profile for this batch job name must be
defined in Natural Security. A logon with another user ID is not possible.
On mainframe computers under z/OS, the value of
*INIT-USER
is determined by the parameter USERID
in the Natural z/OS batch
interface. Depending on the setting of this parameter, this value can be
supplied by the security access control block (ACEE) of the security package
being used (for example, RACF or ACF2), or by the USER
parameter
in the job card.
When you log on to a library in batch mode, the setting of the switch Batch execution in the library security profile determines whether the startup transaction specified in the library security profile will be executed or not. See Transactions (under Components of a Library Profile in the section Library Maintenance) for details.
When you log on in batch mode, it depends on the setting of the general option Suppress mailboxes in batch mode (see Administrator Services) whether mailboxes are displayed or not.
In addition to creating security profiles for users of types "A", "P", "M", "G" and "T", you can also create user security profiles of type "B" (for "batch"). They are created in the same way as other user security profiles (see Adding a New User in the section User Maintenance) You can then enter the user ID of such a batch user in the field Batch User ID of a user security profile.
Before a batch user ID can be entered in a user security profile, a security profile for this batch user ID must have been defined.
Several users may share the same batch user ID; that is, the same batch user ID can be entered in the security profiles of several users. Thus, the same conditions of use can apply to several users in batch mode, and these conditions have to be defined only once.
A batch user ID cannot be used for a logon in online mode.
In batch mode, a user logs on with his/her "normal" user ID and password. Natural Security will then use the batch user ID specified in the user's security profile, and the conditions of use defined for that batch user ID will apply.
If no batch user ID is specified in the user's security profile, the Privileged Groups specified in the user's security profile will be checked (in order of entry) for a batch user ID. If none of the Privileged Groups has a batch user ID either, the user's own user ID will be used.
A batch user profile cannot be linked directly to a library, it must be linked via a Group; that is, it must be contained in a Group, and the Group be linked to the library.
Countersignatures cannot be processed in batch mode. This means that security profiles which require a countersignature for maintenance permission are excluded from batch-mode processing.