Version 8.2.1
 —  Natural Business Services Administration  —

Using the Business Service Administration Subsystem

This section explains how to invoke the Business Service Administration subsystem and illustrates the menu structure. The following topics are covered:

Note:
For information on navigating menus, operating panels, and using online help, direct commands, and PF-keys, see What is Natural Construct?


Invoke the Repository Explorer in a Business Service Plug-in

You can use the repository explorer in a Natural Business Services plug-in to access the Business Service Administration subsystem.

Top of page

Invoke the Business Service Administration Subsystem

The Business Service Administration subsystem resides in the SYSBIZ library.

Start of instruction setTo invoke the Business Service Administration subsystem:

  1. Log onto the SYSBIZ library at the More prompt.

  2. Enter "Menu" at the Command prompt.

    The Business Service Administration Subsystem main menu is displayed. For example:

     BS__MAIN    ***** Business Service Administration Subsystem *****     CDLAYMN1 
     Feb 14                          - Main Menu -                         08:47 PM 
                                                                                    
                         Functions                                                  
                         -------------------------------------------------          
                         SA   System Administration                                 
                         AA   Application Administration                            
                                                                                    
                                                                                    
                                                                                    
                                                                                    
                                                                                    
                                                                                    
                                                                                    
                         ?   Help                                                   
                         .   Terminate                                              
                         -------------------------------------------------          
     Function .......... __                                                         
                                                                                    
                                                                                    
     Command ........... _________________________________________________________  
     Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
           help  retrn quit        flip                                      main   
    

The Business Service Administration subsystem is divided into System Administration and Application Administration functions. Each function has its own main menu, which leads to maintenance, query, and special functions. The following diagrams illustrate these menu structures.

Note:
If Natural Security is enabled, different options are displayed on the System Administration menus. For information, see Use Natural Security with Natural Business Services.

Structure of System Administration Main Menu

The following diagram shows the menu structure of the System Administration main menu:

graphics/system-admin-main-menu.png

Structure of Application Administration Main Menu

The following diagram shows the menu structure of the Application Administration main menu:

graphics/application-admin-main-menu.png

Top of page

Use Natural Security with Natural Business Services

The Business Service Administration subsystem is fully integrated with Natural Security. If Natural Security is being used, all updates to group and user information are applied directly to Natural Security data. It is also possible to define user-library links. If Natural Security is not being used, the Business Service Administration subsystem manages users and their groups with its own set of security tables. The security data is always synchronized with any updates made to table data, whether the updates are made to data in the Business Service Administration subsystem or the Natural Security server.

Using Natural Security instead of Natural Business Services built-in security allows you to use security definitions that are already in place. There is no need to duplicate this information in the Business Service Administration subsystem files. This functionality is provided as an alternative for users without access to a Natural Security server.

Notes:

  1. For information on enabling Natural Security in the Business Service Administration subsystem, see Using the Business Service Control Record.
  2. For information on defining users and groups when Natural Security is enabled, see Defining Users and Security Groups.

This section covers the following topics:

Configure Natural Security for Natural Business Services

You can use Natural Security to maintain users and groups by configuring your Natural Security environment so that it informs Natural Business Services whenever changes are made to user or group tables. This ensures the integrity of data in Natural Business Services security cache. If a user is unlinked from a Natural Security group, all records associated with that user in the security cache are also deleted.

Start of instruction setTo configure the Natural Security environment:

  1. Copy the NSCUSEX1 module from the SYSBIZ library into the SYSSEC library.

    If you are already using the NSCUSEX1 exit in Natural Security, copy the sections of code identified in the NSCUSEX1 module supplied with Natural Business Services into your existing version of NSCUSEX1.

  2. Use Natural Security to add SYSBIZ as a steplib to the SYSSEC library.

  3. Catalog NSCUSEX1 in the SYSSEC library.

  4. Modify your NATPARM to start Natural Security sessions to include the LFILE definitions required by Natural Business Services (LFILE 135 and 136).

Start Services in Batch Mode under Natural Security

When you are starting Natural Business Services servers as a batch job under Natural Security, refer to the guidelines supplied in the Natural Security documentation. For example, use STACK=(LOGON[library] [user-id] [pswd]) in the NATPARM settings used to start the Natural session in the batch job.

The user ID used to perform the Natural Security logon for batch jobs starting Natural Business Services must be linked to the SYSBIZ library. No other special privileges need be granted to the user.

Start of instruction setTo allow Natural Business Services to communicate with Natural Security:

  1. Invoke the Natural Security main menu.

  2. Invoke the Administration Services main menu.

  3. Invoke the General Options menu.

  4. Set the Free access to functions via interface subprograms property to "True".

Natural Security Interface to Restricted Libraries

Natural Business Services uses the published Natural Security interface, NSC---L, to determine whether a user may use a library. The interface does not provide a means to specify a DBID and FNR with the library name. If a user is linked to a library through Natural Security on a given DBID or FNR, Natural Business Services cannot verify that the library it is accessing on behalf of the user is on the same DBID or FNR specified under Natural Security.

When you define steplib chains in the Business Service Administration subsystem, be sure to only specify libraries that are protected by Natural Security. When you specify a steplib with a DBID or FNR in Natural Business Services, define the library in Natural Security with the same DBID or FNR.

Note:
You cannot use the same name for libraries with different DBIDs or FNRs.

System Administration Menus with Natural Security

When Natural Security is enabled, the options on the System Administration menus differ slightly. The following diagram shows the menu structure:

graphics/system-admin-main-menu-nsc.png

If you use Natural Security as your user and group management mechanism, the following changes are displayed in the System Administration menus:

Top of page

Use EntireX Security with Natural Business Services

If you use EntireX security to manage a security server (such as RACF, CA-TOP SECRET, or ACF2), you can use your established security system to authenticate users accessing business services. Natural Business Services supplies the SPSSAF module in the SYSBIZ library, which calls a Natural routine to perform authorization verifications based on service, domain, method, and user ID.

Start of instruction setTo configure EntireX security for Natural Business Services:

  1. Add a new resource class or type called "NBS".

    Note:
    If you call it something other than NBS, you must change the reference to the class or type in SPSSAF.

  2. Create resource profiles for each domain/service/method combination used in the application using the format: domain.service.method.

    Ensure that the number of characters specified in resource profiles does not exceed 32. Do not use special characters in your resources.

  3. Add the resource profiles to the resource class or type.

  4. Set up your business service dispatch server to use the SAF security mode.

    Notes:

    1. For information on setting up the dispatch server, see Defining and Managing Servers.
    2. For information on defining resources to your security server, refer to the EntireX Security documentation.

Tip:
If you modify the resource profile after the business service is in use, reset the business service security cache (to clear previous permissions from memory). For information, see Reset the Security Cache.

Top of page

Use a Hybrid Security Server with Natural Business Services

Natural Business Services also supports a hybrid security server. For example, you can use EntireX security for user authentication (mainframe access rights) and perform validations against FSEC (Natural library and domain/service/method authorization) or Natural Business Services security. The business service control record definition determines which security server is used.

Start of instruction setTo use a hybrid security server with a dispatch server:

  1. Display the second Maintain Servers panel for the dispatch server.

    For information, see Access the Maintain Servers Panels.

  2. Enter one of the following settings for SECURITY-MODE in the Server Start Parameters section:

    Setting Description
    SAF-NSC (for validations against FSEC) The dispatch server verifies business service rights defined in the Natural Security file.
    SAF-APPL (for Natural Business Services security) The dispatch server verifies business service rights defined in the Natural Business Services security file.

    In both cases, the dispatch server uses SAF/EXX security for user ID and password authentication.

Notes:

  1. To use a hybrid security server, the Security mode setting for the dispatch server on the client must also be set to SAF.
  2. For information on the business service control record, see Access the Maintain Control Record Window.

Top of page