This section describes how to control the access of users to protected libraries.
A library may be protected by specifying the values of People-protected and Terminal-protected in the General Options column of the library's security profile.
The possible combinations of People-protected and Terminal-protected are listed below:
Protection | Explanation |
---|---|
People: N, Terminal: N | The library is not protected. It may be used by any person from any terminal. The terminal need not be defined to Natural Security. The user must be defined to Natural Security. The user ID must be entered on the logon screen in order to be able to log on to the library. |
People: L, Terminal: N | This is identical to the above combination - with the following addition: Although the library is not protected, it is possible to link a group to the library. Only one group can be linked to the library, and the link must be a special link. This special link only applies to users of type "Administrator" contained in the group. This feature is only intended to allow administrators different access to an unprotected library for maintenance purposes. (The special link to such a library can only be established via the function "Link users to library" which is invoked from the Library Maintenance selection list.) Note: |
People: Y, Terminal: N | The library may be used only by persons who are linked to the library or are in a group that is linked to the library. It may be used from any terminal. The terminal need not be defined to Natural Security. The user (and the group if need be) must be defined to Natural Security. The user ID must be entered on the logon screen in order to be able to log on to the library. |
People: N, Terminal: Y | The library may be used by any person, but it may only be used from a terminal which is defined to Natural Security and is contained in a group which is linked to the library. No user ID is required on the logon screen to log on to the library. |
People: Y, Terminal: Y | The library may be used either by people linked to the library or from a terminal which is contained in a group which is linked to the library. In other words, by entering his or her user ID on the logon screen, a linked person may use the library from any terminal; people who are not linked to the library may only use the library from a linked terminal. |
People: Y, Terminal: A | The library may be used only by people from linked terminals: The person must be defined to Natural Security and must be in a group which is linked to the library (or may be linked directly, if user type "Administrator" or "Person"); the terminal must also be defined to Natural Security, and it must be contained in a group which is linked to the library. The user ID and library ID must be entered on the logon screen in order to be able to log on to the library. |
People: P, Terminal: N | This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: N" (see above). |
People: P, Terminal: Y | This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: Y" (see above). |
People: P, Terminal: A | This combination only applies to private libraries in public mode. The user with the same ID as the library ID may use the library without requiring a link to it. Otherwise, this combination is identical to "People: Y, Terminal: A" (see above). |
People: N, Terminal: A | This combination is not possible! |
People: L, Terminal: Y | This combination is not possible! |
People: L, Terminal: A | This combination is not possible! |
Please take care when you change an existing combination of People-protected and Terminal-protected. If the change results in a "lower" protection level, certain links will automatically be cancelled by Natural Security according to the following rules:
Change from | to | Effect on Links |
---|---|---|
any protection combination | People: N, Terminal: N | All existing links to the library will be cancelled. |
any protection combination | People: N, Terminal: Y | All direct links of "Administrator"s and "Person"s will be cancelled. Links of "Group"s to the library will remain. |
any protection combination | People: Y, Terminal: N | No links will be cancelled. |
any protection combination | People: Y, Terminal: Y | No links will be cancelled. |
People: N, Terminal: Y | People: Y, Terminal: Y | No links will be cancelled. However, all people contained in "Group"s which are linked to the library may now also log on to the library! |
The user with the same user ID as the library ID always has access to his/her private library.
In public mode, other users' access to someone's private library is determined by the settings of the fields People-protected and Terminal-protected in the security profile of the private library. Possible values for the field People-protected are "P" (which is the default value, and which corresponds to "Y" in other library profiles) and "N" (which is the same as in other library profiles). Possible values for the field Terminal-protected are the same as for other libraries (Y, N or A). The possible protection combinations are described above.
In private mode, no other user has access to someone else's private library.
To allow a user access to a protected library, a link has to be established between the user and the library.
Only users of types "Administrator", "Person", and "Group" can be linked to a library.
Users of types "Administrator" and "Person" can be linked to a library either directly or via a "Group".
Users of types "Member" and "Terminal" can be linked to a library only via a "Group"; that is, they must be assigned to a "Group", and the "Group" must be linked to the library.
Two functions are available to establish and maintain links between users and libraries:
a User Maintenance function to link one user to one or more libraries,
a Library Maintenance function to link one or more users to one library.
Both functions are described below.
To link one user to one or more libraries:
On the User Maintenance selection list, mark the user you wish to link with function code LL.
A window will be displayed, providing the following options:
Start value - You can enter a start value for the list of libraries to be displayed (as described in the section Finding Your Way in Natural Security).
Selection criterion - N = none: all libraries will be listed; L = linked: only libraries to which the user is already linked (normal and special links, including temporarily locked ones) will be listed; U = unlinked: only libraries to which the user is not yet linked will be listed.
Then the Link User To Libraries selection list will be displayed, showing the list of libraries. It includes all protected libraries; that is, if you link a user of type "Person" or "Administrator", it includes all libraries with "People-protected" set to "Y"; if you link a user of type "Group", it includes all libraries with at least one of the two protection values set to "Y". The list can be scrolled as described in the section Finding Your Way in Natural Security.
On the list, you mark the libraries to which you wish to link the selected user.
In the Co column, you may mark each library with one of the following function codes (possible code abbreviations are underlined):
Code | Function |
---|---|
LK | Link - The user may use the library with the security profile of the library being in effect. |
SL | Special Link - The user may use the library with a special security profile to be defined for the link; the link profile will take precedence over the library profile. See Special Links below. |
CL | Cancel - An existing link or special link will be cancelled. |
TL | Temporarily Locked - An existing link or special link will be suspended until it is re-established. A suspended link or special link can be re-established by marking the library concerned with |
DL | Display Special Link - The security profile of an existing special link between the user and the library will be displayed. |
DI | Display Library - The security profile of the library will be displayed. |
LD | Modify DDM Restrictions in Special Link Profile (This function is not available on mainframe computers. It corresponds to function |
You can mark one or more libraries on the screen with a function code.
For each library marked, the selected functions will be executed one after another. When processing is completed, a message will be displayed stating the link situation now in effect for each library.
To link one or more users to one library:
On the Library Maintenance selection list, mark the library to which you wish to link users with code LU.
A window will be displayed, providing the following options:
Start value - You can enter a start value for the list of users to be displayed (as described in the section Finding Your Way in Natural Security).
Selection criterion - N = none: all users will be listed; L = linked: only users which are already linked to the library (normal and special links, including temporarily locked ones) will be listed; U = unlinked: only users which are not yet linked to the library will be listed.
Then the Link Users To Library selection list will be displayed, showing the list of users. It includes all users of types "Group", "Administrator", and "Person". It can be scrolled as described in the section Finding Your Way in Natural Security.
On the list, you mark the users you wish to be linked to the selected library.
In the Co column, you may mark each user with one of the following function codes (possible code abbreviations are underlined):
Code | Function |
---|---|
LK | Link - The user may use the library with the security profile defined for the library being in effect. |
SL | Special Link - The user may use the library with a special security profile to be defined for the link; the link profile will take precedence over the library profile. See Special Links below. |
CL | Cancel - An existing link or special link will be cancelled. |
TL | Temporarily Locked - An existing link or special link will be suspended until it is re-established. A suspended link or special link can be re-established by marking the user concerned with |
DL | Display Special Link - The security profile of an existing special link between the user and the library will be displayed. |
DI | Display User - The security profile of the user will be displayed. |
LD | Modify DDM Restrictions in Special Link Profile (This function is not available on mainframe computers. It corresponds to function |
You can mark one or more users on the screen with a function code.
For each user marked, the selected functions will be executed one after another. When processing is completed, a message will be displayed stating the link situation now in effect for each user.
If a library security profile determines the conditions under which the library may be used generally, the special-link security profile determines the conditions under which the user (or group of users) thus linked may use the library. This means that by using special links you may define for different users different conditions of use of the same library.
The items you define in a special-link profile take precedence over the corresponding items in the library profile.
Some items cannot be set in special-link profiles. For these, the settings specified in the library profile apply.
If you mark a user/library with SL, you may define the security profile for this special link on the screens which will be displayed. The default settings which appear on the Special Link security profile screens are taken from the security profile of the library.
The components of a special-link security profile correspond with those you may define as part of a library security profile (see Components of a Library Profile in the section Library Maintenance).
To modify an existing special-link security profile, mark the respective user/library with SL again on the Link Users To Library or Link User To Libraries screen: the Special Link security profile screen will be invoked for modification.
To view the security profile of a special link, mark the respective user/library with DL on the Link Users To Library or Link User To Libraries screen: the Special Link security profile screen will be displayed.
When a user logs on to a protected library, Natural Security will execute a number of checks to determine under which conditions the user may use the library. If none of the checks are positive, the logon will be rejected.
The following checks will be executed in the following order:
Library Protection | Checks Performed |
---|---|
1. | First: Check whether the user is linked directly to the library; if the user is linked with a special link, the conditions defined in the special-link security profile will be in effect; if the user is linked with an ordinary link, the conditions defined in the library security profile will be in effect. Second: Check whether the user is in a group which is linked to the library; if the user is contained in more than one group, these groups will be checked in the following order: first the Privileged Groups in the user's security profile will be checked in order of entry, then the other groups will be checked in alphabetical order; the first linked group found will be selected; if the group is linked with a special link, the conditions defined in the special-link security profile will be in effect; if the group is linked with an ordinary link, the conditions defined in the library security profile will be in effect. |
2. | Check whether the terminal is in a group which is linked to the library; if the terminal is contained in more than one group, these groups will be checked in the following order: first the Privileged Groups in the terminal's security profile will be checked in order of entry, then the other groups will be checked in alphabetical order; the first linked group found will be selected; if that group is linked with a special link, the conditions defined in the special-link security profile will be in effect; if that group is linked with an ordinary link, the conditions defined in the library security profile will be in effect. |
3. | If the user logs on with a user ID, the same checks as under 1. will be executed. If the user logs on without specifying a user ID, the same checks as under 2. will be executed. |
4. | The same checks as under 1. will be executed. |

Note: The terminal must be in a group which is linked to the library, but the conditions of use are determined by the user's link.
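
The check order described above, modelled as an added example (it is not Natural Security code). The class and function names, the "LK"/"SL" link map and all IDs are assumptions, and the assignment of the four check rows to protection combinations is inferred from the combinations table earlier in this section.

```python
from dataclasses import dataclass, field

@dataclass
class Principal:
    """A user or terminal in this model (not a Natural Security object)."""
    id: str
    privileged_groups: list = field(default_factory=list)  # in order of entry
    other_groups: list = field(default_factory=list)

def resolve_link(principal, links, direct=True):
    """Return (link ID, profile in effect) for the first link found, else None.
    links maps a user or group ID to "LK" (link) or "SL" (special link).
    Order: direct link, Privileged Groups in order of entry, then the other
    groups alphabetically (plain sorted() is this model's assumption).
    """
    order = [principal.id] if direct else []
    order += list(principal.privileged_groups) + sorted(principal.other_groups)
    for candidate in order:
        kind = links.get(candidate)
        if kind in ("LK", "SL"):
            profile = "special-link profile" if kind == "SL" else "library profile"
            return candidate, profile
    return None

def logon_check(people, terminal_prot, links, user=None, terminal=None):
    """Model the four rows of the logon check table for a protected library."""
    user_link = resolve_link(user, links) if user else None
    # Terminals can be linked only via a group, never directly.
    term_link = resolve_link(terminal, links, direct=False) if terminal else None
    combo = (people, terminal_prot)
    if combo == ("Y", "N"):
        return user_link
    if combo == ("N", "Y"):
        return term_link
    if combo == ("Y", "Y"):  # user ID entered: user checks; otherwise terminal checks
        return user_link if user else term_link
    if combo == ("Y", "A"):  # terminal must be linked; the user's link sets the conditions
        return user_link if term_link else None
    raise ValueError(f"combination not covered by the check table: {combo}")

# Constructed sample data: every ID below is invented for illustration.
LINKS = {"AUDIT": "SL", "DEV": "LK", "FLOOR1": "LK"}
ALICE = Principal("ALICE", privileged_groups=["OPS"], other_groups=["DEV", "AUDIT"])
T_LINKED = Principal("T001", other_groups=["FLOOR1"])
T_OTHER = Principal("T999", other_groups=["LOBBY"])

if __name__ == "__main__":
    print(logon_check("Y", "N", LINKS, user=ALICE))  # AUDIT sorts before DEV
    print(logon_check("Y", "A", LINKS, user=ALICE, terminal=T_OTHER))
```

With these sample links, ALICE receives the special-link profile through AUDIT although DEV carries an ordinary link, because AUDIT sorts first among her non-privileged groups. When auditing effective access, review group names and the Privileged Groups order together with the links themselves.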
When logged on to a library, a user may enter the Natural system command PROFILE to ascertain which conditions of use are currently in effect.
When you enter the PROFILE command, the Security Profile screen is displayed, showing the following information:
User | |
---|---|
ID | The user's ID. |
Name | The user's name. |
Type | The user type. |
Link ID | The current value of the Natural system variable An asterisk (*) next to the ID indicates that the group's/user's link to the current library is a Special Link. |
ETID | The current value of the Natural system variable *ETID. |
Library | |
ID | The ID of the current library. |
Name | The name of the current library. |
Steplibs | The steplibs of the current library. |
Transactions | |
Startup | The current value of the Natural system variable *STARTUP. |
Restart | The name of the restart transaction. |
Error | The current value of the Natural system variable *ERROR-TA. |
If you mark the field Additional Options on the Security Profile screen with "Y" or press PF4, a window will be displayed from which you can select the following items of information:
Security options
Security limits
Session parameters
Command restrictions
Editing restrictions
Statement restrictions
Time windows
System files
Natural version
The options where something is defined for the current user are marked with a plus sign (+).
You can select one or more items from the window by marking them with any character. For each item selected, an additional window/screen will be displayed (in the order of the items in the selection window).
If you press PF5, the NSC Utility Access Rights window will be displayed, providing an overview of the utility functions which you are allowed to use in each library.
If you have issued the PROFILE command from within a utility, the window lists the functions available in that utility.
If you have issued the PROFILE command elsewhere, the window lists all utilities along with information on whether some or all functions of a utility are allowed/disallowed for a specific library. (The notation <others> in the Library field of the window indicates all libraries for which nothing specific has been defined.) To obtain more detailed information on the utility functions allowed for a particular library, you can select one or more libraries from the window by marking them with any character.