This section describes how to transfer Natural Security data from one system file to another.
The transfer of Natural Security data from one system file to another is only relevant if you use more than one Natural Security system file.
A Natural Security system file is specified with the Natural profile parameter FSEC (see Natural Parameter Reference documentation).
The library SYSSEC contains two programs for the transfer of Natural Security data from one system file to another, SECULD2 and SECLOAD:
SECULD2 is used to unload data from one system file to a work file.
SECLOAD is used to load the data from the work file onto the other system file.
The selection of data to be transferred is done with SECULD2. SECLOAD will always attempt to transfer the complete work file. However, SECLOAD will check whether the data to be transferred are consistent with the data already stored on the system file. Inconsistent data will not be loaded.
The programs SECULD2 and SECLOAD you use must both be of the same Natural Security version. Moreover, it is recommended that the latest available version of SECULD2 and SECLOAD be used.
An FSEC system file can be shared by all supported Natural Security
versions. This means that you can continue to use an existing FSEC file and
need not create a new FSEC file for a new Natural Security version. However,
should you decide to use a new FSEC file for a new Natural Security version and
wish to transfer existing security data to this new file, you unload/load the
data using the standard SECULD2/SECLOAD transfer procedure.
Both SECULD2 and SECLOAD can only be invoked from within the library SYSSEC.
To invoke SECULD2, you enter the command SECULD2 in the command line of any Natural Security screen. The SECULD2 menu will be displayed.
To select the type of data to be transferred, you enter one of the following function codes on the SECULD2 menu:
Function Code | Type of Data to be Unloaded |
---|---|
* | All security data. |
D | All security data with deletion (all data will be loaded onto the work file and be deleted from the system file). |
O | Objects defined in Natural Security (users, libraries, utility profiles, etc.). |
L | Links between users and objects. |
F | Links between libraries and files (this function is only available on mainframes). |
C | Components of library profile (this function is not available on mainframes). |
P | Default profiles (user or utility profiles). |
W | Process workplan. |
In addition to the function code, you can specify the following on the SECULD2 menu:
Field | Explanation |
---|---|
Transfer Format | With this option, you specify to which work file the selected data are to be written: |
Object Type | If you select function code If you select function code For a selection list of possible types, enter a question mark (?) in this field. If you select function code |
Start Value | You can specify an ID to unload a certain object or range of objects. See also Range below. Start Value is not applicable to function codes |
Range | This field determines how the value specified in the Start Value field is to be treated: |
Link ID | This field can only be used in conjunction with function code To select a range of links, you use the Range field (see below). |
Range | This field can only be used in conjunction with function code |
Number | You may specify the number of objects to be transferred. (This option is not applicable to function codes |
Date from/to | You may specify two dates to unload only objects which were created/last modified in that period of time. (This option is not applicable to function code |
Work File | You specify the name of the work file to which the data are to be written. If you use Work File 5, the work-file name must end with ".sag". This field is not available on mainframes. |
Ty | The type of work file: This field is not available on mainframes. |
If you need to perform the same unload operation at regular intervals, you can use a so-called "workplan". Instead of having to make all the unload specifications every time on the SECULD2 menu, you need to make them only once in a workplan. You then use function code W and only specify the ID of the workplan in the field Object type on the SECULD2 menu.
A workplan is a Natural object of type "text", which has to be contained in the library SYSSEC.
The contents of the text member have to be as follows:
```
- START-SECULD-WORKPLAN
UNLOAD       ________
TRANSFER     _
OBJECT-TYPE  ________
OBJECT-ID    _______________________________
OBJECT-RANGE _
LINK-ID      _______________________________
LINK-RANGE   _
NUMBER       __
DATE-FROM    __________
DATE-TO      __________
- END-SECULD-WORKPLAN
```
SECULD2 evaluates the text specified after the keywords - indicated by the lines above - as follows:
Keyword | Explanation |
---|---|
- START-SECULD-WORKPLAN | Indicates the beginning of the text data to be processed by SECULD2. |
UNLOAD | You can specify one of the following: |
TRANSFER | Corresponds to the SECULD2 menu field Transfer Format. |
OBJECT-TYPE | Corresponds to the SECULD2 menu field Object Type. |
OBJECT-ID | Corresponds to the SECULD2 menu field Start Value. |
OBJECT-RANGE | Corresponds to the SECULD2 menu field Range for objects. |
LINK-ID | Corresponds to the SECULD2 menu field Link ID. |
LINK-RANGE | Corresponds to the SECULD2 menu field Range for links. |
NUMBER | Corresponds to the SECULD2 menu field Number. |
DATE-FROM | You can specify one of the following: |
DATE-TO | You can specify a date (in the format If |
- END-SECULD-WORKPLAN | Indicates the end of the text data to be processed by SECULD2. |
If you want to perform multiple unload operations with a single workplan, you specify multiple groups of keywords/texts after - START-SECULD-WORKPLAN and before - END-SECULD-WORKPLAN:
```
- START-SECULD-WORKPLAN
UNLOAD   ________
TRANSFER _
etc.
...
UNLOAD   ________
TRANSFER _
etc.
...
- END-SECULD-WORKPLAN
```
A sample workplan T-WPLAN1 is provided in the library SYSSEC.
To invoke SECLOAD:
Enter the command SECLOAD in the command line of any Natural Security screen.
You will then be prompted to make the following specifications:
Option | Explanation |
---|---|
Load NSC Data in Transfer Format from Work File 1 | |
User-Defined Conversion Table | You can determine whether or not a conversion table is to be used (Y/N). The conversion table used is provided by the API subprogram |
Simulate Loading | This option can be used to ascertain whether all data from the work file can be loaded, before you actually load them. When this function is executed, the data are loaded into the system file, and then, upon completion of the function, immediately deleted from it again. When activating this function, you select what type of load report you want as a result of the simulation: |
Work File | You specify the name of the work file from which the data are to be read. This field is not available on mainframes. |
Type of Work File | This field is not available on mainframes. |
Expire passwords for loaded user profiles | This option can be used to enforce a password expiration for loaded user profiles (user types A, P, M). This option does not apply to loaded user profiles in which the option Change after nnn days is set to |
Note:
Data which are inconsistent or which already exist on the target system file will not be loaded. To ascertain why data were not loaded, please refer to the load report.
With SECULD2 and SECLOAD, you can also transfer security data from one hardware platform to another.
To do so:
Enter a "Y" in the Transfer Format field of the SECULD2 menu.
By pressing PF4, you can then invoke an additional window in which you can specify the following optional parameters:
Parameter | Explanation |
---|---|
Target Environment | The operating system (as in the Natural system variable *OPSYS) of the target environment. |
Target FSEC DBID/FNR | The database ID and file number of the FSEC system file to which the data are to be transferred. SECLOAD will compare these specifications with the DBID/FNR of the actual FSEC file to which the data are to be loaded: if they are not the same, the data cannot be loaded. In this way, you can prevent an uncontrolled loading of security data. Otherwise, anybody who got hold of the work file could load it anywhere. |
Conversion EBCDIC-ASCII | You can determine whether EBCDIC-ASCII conversion is to be performed (Y/N). The conversion is performed by the API subprogram |
User-Defined Conversion Table | You can determine whether or not a conversion table is to be used (Y/N). The conversion table used is provided by the API subprogram |
The data will then be written, in alphanumeric form, to Work File 1, from where they can be loaded with SECLOAD.
Note:
When data are transferred from a mainframe platform to another platform, SECLOAD also checks if library IDs conform to the naming conventions for libraries (as described under the system command LOGON in the Natural System Commands documentation).
Example jobs for executing SECULD2 and SECLOAD in batch mode on mainframe computers are shown below.
In this example, all users whose IDs begin with "ADE" and who were last modified between 1st January and 10th June 2008, and the library TESTLIB will be transferred to the work file CMWKF05.
```
//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K
//**********************************************************
//ULD EXEC PGM=NATBATnn,
// PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0'
//STEPLIB DD DISP=SHR,DSN=NATURAL.Vnn.LOAD
// DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD
//DDCARD DD *
ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI
/*
//CMPRINT DD SYSOUT=*
//CMWKF05 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,
// DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP)
//CMSYNIN DD *
SYSSEC,DBA,PASSWORD
SECULD2
O,N,US,ADE,*,,,,2008-01-01,2008-06-10
O,N,LI,TESTLIB,1
.
FIN
/*
```
In this example, all users whose IDs begin with "ADE" will be transferred to the work file CMWKF01. If the "Transfer" option is specified as "Y", the job must contain a line for additional parameters (see Transferring Data to Another Hardware Platform above). In this example, no additional parameter specifications are made (that is, they are either not specified or specified as "N").
```
//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K
//**********************************************************
//ULD EXEC PGM=NATBATnn,
// PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0'
//STEPLIB DD DISP=SHR,DSN=NATURAL.Vnn.LOAD
// DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD
//DDCARD DD *
ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI
/*
//CMPRINT DD SYSOUT=*
//CMWKF01 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,
// DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP)
//CMSYNIN DD *
SYSSEC,DBA,PASSWORD
SECULD2
O,Y,US,ADE,*
,,,N,N
.
FIN
/*
```
In this example, all libraries whose IDs begin with "SF" will be transferred to the work file CMWKF01. The target environment is a PC, and the database ID and file number of the target FSEC system file are 89 and 356.
```
//SECULD2 JOB DEMO,CLASS= ,MSGCLASS= ,REGION=2048K
//**********************************************************
//ULD EXEC PGM=NATBATnn,
// PARM='DBID=10,FNR=5,FSEC=(,8),FDIC=(,9),IM=D,MT=0,MAXCL=0,MADIO=0'
//STEPLIB DD DISP=SHR,DSN=NATURAL.Vnn.LOAD
// DD DISP=SHR,DSN=ADABAS.Vnn.ADALOAD
//DDCARD DD *
ADARUN PROGRAM=USER,SVC=249,DATABASE=10,MODE=MULTI
/*
//CMPRINT DD SYSOUT=*
//CMWKF01 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,
// DCB=(RECFM=VB,LRECL=4624,BLKSIZE=4628,DEN=3),DISP=(,KEEP)
//CMSYNIN DD *
SYSSEC,DBA,PASSWORD
SECULD2
O,Y,LI,SF,*
WNT-X86,89,356,N,N
.
FIN
/*
```
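A pre-submission check for the SECULD2 batch input shown above, added here as an illustration and not part of the product or its documentation: it parses the CMSYNIN records and flags a clear-text logon line, function code D, and Transfer Format Y without a target FSEC DBID/FNR. The positional field order and all function and constant names are assumptions inferred from the page's examples and the SECULD2 menu.

```python
# Field order inferred from this page's batch examples and the SECULD2 menu
# (an assumption of this example, not a documented record layout).
SELECT = ("function", "transfer", "object_type", "start_value", "range",
          "link_id", "link_range", "number", "date_from", "date_to")
TARGET = ("target_env", "fsec_dbid", "fsec_fnr", "ebcdic_ascii", "conv_table")

# In-stream CMSYNIN data from the page's second and third SECULD2 examples.
DECK_UNPINNED = "SYSSEC,DBA,PASSWORD\nSECULD2\nO,Y,US,ADE,*\n,,,N,N\n.\nFIN\n"
DECK_PINNED = "SYSSEC,DBA,PASSWORD\nSECULD2\nO,Y,LI,SF,*\nWNT-X86,89,356,N,N\n.\nFIN\n"


def _fields(names, line):
    """Map a comma-separated input line onto positional field names."""
    values = [v.strip() for v in line.split(",")]
    return dict(zip(names, values + [""] * len(names)))


def parse_deck(text):
    """Return (logon line, selection records) of a SECULD2 CMSYNIN deck."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    start = lines.index("SECULD2")  # ValueError if the deck never calls SECULD2
    logon = lines[start - 1] if start else ""
    records, body = [], iter(lines[start + 1:])
    for line in body:
        if line in (".", "FIN"):
            break
        rec = _fields(SELECT, line)
        if rec["transfer"] == "Y":  # the additional-parameter line follows
            rec.update(_fields(TARGET, next(body, "")))
        records.append(rec)
    return logon, records


def review(text):
    """List the findings a reviewer would raise before the job is submitted."""
    logon, records = parse_deck(text)
    findings = []
    if len([p for p in logon.split(",") if p.strip()]) >= 3:
        findings.append("logon line carries user ID and password in clear text")
    for n, rec in enumerate(records, 1):
        if rec["function"] == "D":
            findings.append(f"record {n}: function D deletes the data from the source FSEC")
        if rec["transfer"] == "Y" and not (rec.get("fsec_dbid") and rec.get("fsec_fnr")):
            findings.append(f"record {n}: transfer format Y without target FSEC DBID/FNR")
    return findings


if __name__ == "__main__":
    for name, deck in (("unpinned", DECK_UNPINNED), ("pinned", DECK_PINNED)):
        print(name, review(deck))
```

The second example's deck is flagged because its additional-parameter line leaves the target DBID/FNR empty, so SECLOAD has nothing to compare against; the third example's deck pins the work file to FSEC 89/356.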
In this example, the data will be read from work file 5 (CMWKF05).
```
//SECLOAD JOB DEMO,MSGCLASS= ,CLASS= ,REGION=2048K
//***************************************************
//LOAD EXEC PGM=NATBATnn,
// PARM='DBID=7,FNR=23,FSEC=(,24),FDIC=(,25),EJ=OFF,MT=0,IM=D,MADIO=0,MAXCL=0'
//STEPLIB DD DSN=NATURAL.Vnn.LOAD,DISP=SHR
// DD DSN=ADABAS.Vnn.ADALOAD,DISP=SHR
//CMPRINT DD SYSOUT=*
//DDCARD DD *
ADARUN PROGRAM=USER,SVC=249,DATABASE=7,MODE=MULTI
/*
//CMWKF05 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,DISP=SHR
//CMSYNIN DD *
SYSSEC,DBA,PASSWORD
SECLOAD
N,N,N,N
FIN
/*
```
In this example, the data will be read from work file 1 (CMWKF01).
```
//SECLOAD JOB DEMO,MSGCLASS= ,CLASS= ,REGION=2048K
//***************************************************
//LOAD EXEC PGM=NATBATnn,
// PARM='DBID=7,FNR=23,FSEC=(,24),FDIC=(,25),EJ=OFF,MT=0,IM=D,MADIO=0,MAXCL=0'
//STEPLIB DD DSN=NATURAL.Vnn.LOAD,DISP=SHR
// DD DSN=ADABAS.Vnn.ADALOAD,DISP=SHR
//CMPRINT DD SYSOUT=*
//DDCARD DD *
ADARUN PROGRAM=USER,SVC=249,DATABASE=7,MODE=MULTI
/*
//CMWKF01 DD UNIT=TAPE,VOL=SER=NATSEC,DSN=NSC.ULD,DISP=SHR
//CMSYNIN DD *
SYSSEC,DBA,PASSWORD
SECLOAD
Y,N,N,N
FIN
/*
```
To execute SECULD2 and SECLOAD in batch mode under UNIX or OpenVMS, you have to provide input in the batch-mode files as follows:
The input file assigned to CMSYNIN has to contain the following:
```
SECULD2
FIN
```
In the input file assigned to CMOBJIN you specify the data to be transferred; for example:
```
SYSSEC,DBA,PASSWORD,,
O,Y,US,ADE*,,,,,2008-02-01,2008-02-28
,,,N,N
.
```
This example assumes that the session was started with AUTO=OFF. With AUTO=ON, you omit the user ID and password from the first line.
The result of the data transfer will be shown in the output file assigned to CMPRINT.
For general information, see the batch-mode section in the Natural Operations documentation for UNIX or OpenVMS.