This section describes the Transaction Server features whose values are modified or assigned with the COMS Utility.
The COMS Utility
Transaction Server Command Access (Control-Capable)
- Designating a station as a control-capable station enables any user logged on to that station to use all Transaction Server commands.
- Designating a usercode as control-capable enables that user to use Transaction Server commands.
If the COMS Utility window is included in the window list for the usercode in Transaction Server, a control-capable user, or a user who is logged on to a control-capable station, has access to the COMS Utility window.
To assign control capability to a station, do one of the following:
Transaction Server Control-Capable Options (Table 20) describes the various control-capable options.
Table 20. Transaction Server Control-Capable Options
Security Specification Interaction (Table 21) and Methods for Assigning Transaction Server Control Capability (Table 22) summarize the ways the following security specifications interact to grant or deny a usercode access to the COMS Utility and Transaction Server control commands.
Table 21. Security Specification Interaction

| Security Specification | Defined By |
|---|---|
| CLASS security option (U, S0, S1, S2) | SECOPT command |
| LIMITCOMSUTIL security option | SECOPT command |
| COMSCONTROL usercode attribute | USERDATAFILE |
| Transaction Server control-capable access status | Usercode Activity screen, COMS Utility |
Table 22. Methods for Assigning Transaction Server Control Capability
The first three columns are the security specifications; the last two columns show the access granted.

| CLASS / LIMITCOMSUTIL | COMSCONTROL | Transaction Server Control-Capable | Access Granted: COMS Utility | Access Granted: Transaction Server Control Commands |
|---|---|---|---|---|
| U,S0 / Reset | Yes | Yes | Yes | Yes |
| U,S0 / Reset | Yes | No | Yes | No |
| U,S0 / Reset | No | Yes | Yes | Yes |
| U,S0 / Reset | No | No | No | No |
| S0,S1,S2 / Set | Yes | Yes | Yes | Yes |
| S0,S1,S2 / Set | Yes | No | Yes | No |
| S0,S1,S2 / Set | No | Yes | No | Yes |
| S0,S1,S2 / Set | No | No | No | No |
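The eight rows of Table 22 reduce to a short decision rule, which is easy to miss when reading the table row by row: Transaction Server control commands always require control capability, while access to the COMS Utility window depends on LIMITCOMSUTIL. With LIMITCOMSUTIL reset, either COMSCONTROL or control capability opens the window; with it set, only a COMSCONTROL usercode does, even if that usercode is control-capable. The following Python is an added illustration written for this page, not Unisys code. It encodes that rule and cross-checks it against a transcription of the table. The CLASS column is not modelled separately, on the assumption (taken from the table's pairing of U,S0 with Reset and S0,S1,S2 with Set) that CLASS only determines which LIMITCOMSUTIL state is in effect.

```python
"""Control-capability decision rule derived from Table 22 (added example, not Unisys code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Access:
    coms_utility: bool        # may open the COMS Utility window
    control_commands: bool    # may use Transaction Server control commands


def control_access(limitcomsutil_set: bool, comscontrol: bool, control_capable: bool) -> Access:
    """Decide access from the three security specifications in Table 22.

    limitcomsutil_set - LIMITCOMSUTIL security option (SECOPT command) is Set rather than Reset
    comscontrol       - the usercode carries the COMSCONTROL attribute in the USERDATAFILE
    control_capable   - the usercode, or the station it is logged on to, is control-capable
    """
    # Control commands are granted by control capability alone, in every row of the table.
    control_commands = control_capable
    if limitcomsutil_set:
        # LIMITCOMSUTIL set: the window is reserved for COMSCONTROL usercodes,
        # so a control-capable usercode without COMSCONTROL is refused (row 7).
        coms_utility = comscontrol
    else:
        # LIMITCOMSUTIL reset: either attribute is sufficient (rows 1 to 3).
        coms_utility = comscontrol or control_capable
    return Access(coms_utility, control_commands)


# Table 22 transcribed as constructed test data:
# (LIMITCOMSUTIL set?, COMSCONTROL, control-capable) -> (COMS Utility, control commands)
TABLE_22 = [
    (False, True,  True,  True,  True),
    (False, True,  False, True,  False),
    (False, False, True,  True,  True),
    (False, False, False, False, False),
    (True,  True,  True,  True,  True),
    (True,  True,  False, True,  False),
    (True,  False, True,  False, True),
    (True,  False, False, False, False),
]


def rule_matches_table() -> bool:
    """True when control_access() reproduces every row of Table 22."""
    return all(control_access(s, c, k) == Access(u, m) for s, c, k, u, m in TABLE_22)


if __name__ == "__main__":
    print("rule reproduces Table 22:", rule_matches_table())
    # The case an administrator is most likely to get wrong:
    print("LIMITCOMSUTIL set, control-capable but no COMSCONTROL:", control_access(True, False, True))
```

The practical reading for a defender: setting LIMITCOMSUTIL is what separates "can issue control commands" from "can edit the security configuration in the COMS Utility", so a usercode that needs only the former should be left without COMSCONTROL.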
Privileged-User Status (Privileged User)
Use the COMS Utility to grant certain access rights to users according to the way their usercodes are defined in the USERDATAFILE, as follows:
- A usercode specified as PU (Privileged User) in the USERDATAFILE has the access rights normally associated with a privileged user.
- A usercode specified as SECADMIN (Security Administrator) in the USERDATAFILE has the privileges normally associated with a security administrator.
- A usercode designated with any granulated privilege has the capabilities associated with those privileges.
Privileged-user and security-administrator rights are described in Access Rights Designated in the SYSTEM/USERDATAFILE.
If the Privileged User field is marked N, no user has privileged-user rights and no user has security-administrator rights at the station.
Making a station a privileged-user station does not confer privilege on all users of the station. It merely enables users designated with privileges in the USERDATAFILE to make use of that status at the station.
Because there is no physical access control over an off-site terminal, it might be advisable to limit all dial-in users of the system to nonprivileged-user status. That is, enter N in the Privileged User field for dial-in stations.
Station (Terminal) Access
On the COMS Usercode Activity screen, enter a usercode and a station-list name to control which usercodes can use which stations that are under the control of the Transaction Server MCS.
To limit a user to a few stations, perform the following steps:
1. Use the Station-List Activity screen to define a station-list name and to specify those stations that the user is permitted to use.
2. On the Usercode Activity screen, enter the usercode and the station-list name.
Example
Usercode SMITH is to be permitted to log on and use only station ET1100123AB. In this case, perform the following steps:
1. Access the Transaction Server Station-List Activity screen, and enter CREATE on the Action line.
2. Enter SMITHSTATION in the Station-List Name field, and enter ET1100123AB in the Station Name field.
3. Access the Usercode Activity screen and enter MODIFY on the Action line.
4. Enter SMITH in the Usercode Name field, and enter SMITHSTATION in the Valid Station List field.
After this procedure is complete, Transaction Server permits SMITH to use only station ET1100123AB.
System Access Without a Usercode (Super-User-Capable)
By entering Y in the Super User field of the Station Activity screen, you define the station you are using as a super-user-capable station. A super-user-capable station accepts an asterisk (*) in place of a usercode in the usercode field of the log-on screen and gives that user super-user status. Super-user status is described in Types of Nonusercoded System Access.
System commands entered by a super user from a super-user-capable station have the same privilege as such commands entered from an ODT. System primitive commands, those preceded by two question marks (??), are not available on super-user-capable stations.
When the system security option NOSUPERUSER is set, the super-user feature is suppressed.
Note: Because of the privileged status of some actions when taken without a usercode, and because of the auditing problems associated with nonusercoded sessions, it is recommended that you avoid assigning super-user-capable status to any stations on systems where security is a concern.
By entering Y in the System User field of the Station Activity screen, you enable a user specified as SYSTEMUSER in the USERDATAFILE to use system commands at the station. A description of SYSTEMUSER rights appears in Access Rights Designated in the SYSTEM/USERDATAFILE.
If the System User field is marked N, no user at the station can exercise SYSTEMUSER rights.
Specifying a station as a SYSTEMUSER station does not confer SYSTEMUSER capability on all users of the station; it merely enables those users who are designated as SYSTEMUSER in the USERDATAFILE to make use of that status on the station.
Because there is no physical access control over an off-site terminal, you might choose to deny SYSTEMUSER status to all dial-in users. Do so by entering N in the System User field for dial-in stations.
Transaction Server Security Messages Access (Transaction Server Security Monitor Station)
The Transaction Server command MONITOR enables you to monitor the following Transaction Server security activities:
- Attempts to log on to the system with an invalid usercode.
- Attempts to access a window not available for the usercode. However, failed window-access attempts that occur because of mistyped window names, such as ?ON CANDE, are not reported as security violations.
- Attempts to access the COMS Utility window from a station other than a control station or by a user who is not a control-capable user.
- Successful attempts to access the COMS Utility window by authorized users. Such access is not a security violation.
For a station to act as a Transaction Server security monitor station, the following conditions must be true:
- The station is named in the SECURITY station list.
- SECURITY is included in a MONITOR command. You can enter this command directly on the Action line of any MARC screen that accepts commands. To use the control command form, preface the command with a question mark (?), or, if your station is transferred to a remote host, preface the command with two question marks (??).
To add a station name to the SECURITY station list, do one of the following:
- Use the COMS Utility Station List window.
- If SECURITY is not defined, use the same window to create SECURITY as a station-list name and designate, on the station list window, those stations that are to receive security messages.
- Enter the pseudo-station name in the SECURITY station list if your station is transferred through BNA to a remote host.
To obtain the station name or pseudo-station name of your station, use the MARC command WRU in one of the following ways:
- Enter the command directly on the Action line of any MARC screen that accepts commands.
- To use the control command form, preface the command with a question mark (?), or, if your station is transferred to a remote host, preface the command with two question marks (??).
The MONITOR command also enables you to designate the station that is to receive log-on and log-off notifications. MONITOR Command Examples (Table 23) lists examples of the MONITOR command.
Table 23. MONITOR Command Examples
When security messages are written to a disk file, the disk file name is *COMS/LOG/<mmddyy>/<hhmmss>.
When the MONITOR command is first entered, the system responds with the name of the disk file and the current MONITOR options that are reset.
For example, if the command were entered at 32 seconds after 9:02 a.m. on February 6, 1999, the system would respond
Logging to file COMS/LOG/020699/090232 initiated. Log options RESET are: ATTACH BOJ EOJ LOGON LOGOFF
A MONITOR command can designate either the PRINTER option or the DISK option, but not both.
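The response quoted above carries two things a monitoring station should record: the name of the disk file the security messages are going to, whose two path components encode the start date and time, and the list of log options that are currently reset. The following Python is an added example written for this page, not Unisys code. It parses a response line of that shape, decodes the <mmddyy>/<hhmmss> components into a timestamp, and reports which options are set. The set of five option names is taken from the sample response and assumed here to be the full set; the interpretation that an option listed as RESET is not being logged, so that LOGON and LOGOFF notifications only arrive once those options are set, is likewise an assumption.

```python
"""Parse the MONITOR command's initial response (added example, not Unisys code)."""
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Constructed sample: the response quoted in the text for a MONITOR command
# entered at 09:02:32 on February 6, 1999.
SAMPLE_RESPONSE = ("Logging to file COMS/LOG/020699/090232 initiated. "
                   "Log options RESET are: ATTACH BOJ EOJ LOGON LOGOFF")

# Option names seen in the sample response; assumed here to be the complete set.
KNOWN_OPTIONS = frozenset({"ATTACH", "BOJ", "EOJ", "LOGON", "LOGOFF"})


class MonitorStatus(NamedTuple):
    log_file: str                 # e.g. COMS/LOG/020699/090232
    started_at: datetime          # decoded from the <mmddyy>/<hhmmss> path components
    reset_options: frozenset      # options the system reported as RESET
    set_options: frozenset        # KNOWN_OPTIONS minus the reset ones


_RESPONSE_RE = re.compile(
    r"Logging to file (?P<file>\*?COMS/LOG/(?P<date>\d{6})/(?P<time>\d{6})) initiated\."
    r"\s*Log options RESET are:\s*(?P<reset>[A-Z ]*)"
)


def parse_monitor_response(text: str) -> Optional[MonitorStatus]:
    """Return the decoded status, or None if the line is not a MONITOR response."""
    m = _RESPONSE_RE.search(text)
    if not m:
        return None
    # The directory levels are <mmddyy> and <hhmmss>. strptime's %y uses the POSIX
    # pivot (69-99 -> 19xx, 00-68 -> 20xx), so 020699/090232 -> 1999-02-06 09:02:32.
    started = datetime.strptime(m["date"] + m["time"], "%m%d%y%H%M%S")
    reset = frozenset(m["reset"].split())
    return MonitorStatus(m["file"], started, reset, KNOWN_OPTIONS - reset)


def logon_auditing_active(status: MonitorStatus) -> bool:
    """True only when both LOGON and LOGOFF are set (assumed: RESET means not logged)."""
    return {"LOGON", "LOGOFF"} <= status.set_options


if __name__ == "__main__":
    status = parse_monitor_response(SAMPLE_RESPONSE)
    print(status.log_file, status.started_at.isoformat())
    print("reset:", sorted(status.reset_options))
    print("log-on/log-off notifications active:", logon_auditing_active(status))
```

Run against the sample, the parser reports that all five options are reset immediately after the first MONITOR command, so a security monitor station that expects log-on and log-off notifications still has to set those options explicitly.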
Window Access
The COMS Utility Usercode Activity screen
- Enables you to control which windows are available to a given Transaction Server user.
- Enables you to specify a window list for a usercode. This window list contains the names of windows that the user is permitted to access.
- Has a default value for the window-list name of ALL, which means that the user is permitted to access all windows.
Other restrictions can prevent a user from accessing a window even though that window is on the window list for his or her usercode.
For example, if a user is not control-capable in Transaction Server, he or she cannot access the COMS Utility window, even if the window is on the user's window list.
Full MARC Access (COMMANDCAPABLE)
The Transaction Server security category COMMANDCAPABLE provides another mechanism for restricting selected users and the stations they use.
Specifically, if you use the COMS Utility to define COMMANDCAPABLE as a valid security category for your system, a user is granted full access to Transaction Server and MARC facilities only when the user logs on:
- Under a usercode and at a station that both have COMMANDCAPABLE specified in their security category lists.
- Under a usercode that has both STATION_SECURITY_OVERRIDE set on the USER screen and COMMANDCAPABLE specified in its security category list. In this case, the user has unlimited access to Transaction Server and MARC at any station.
When COMMANDCAPABLE is defined for the system, a user who logs on under a usercode that does not have COMMANDCAPABLE specified in its security category list, or who logs on at a station that does not have COMMANDCAPABLE in its security category list, has special capabilities and is subject to special limitations, as follows:
- The user can activate MARC screens but is limited to the following commands after logging on: BYE, CLOSE, END, ON, PASS, PURGE, RESUME, SUSPEND, WINDOWS, WRU.
- The MARC FUNCTIONS menu can be defined as the home screen for the user. From this menu, the user can
  - View introductory information about MARC
  - Use the commands previously listed, either directly or through the associated forms
  - Log off
  Refer to the System Software Utilities Operations Reference Manual for detailed information.
- On a MARC screen, the only command accepted from a user without COMMANDCAPABLE status is the ON command. This command enables the user to access other windows.
This enables you to restrict a user from general access to the system while still allowing access to specific windows dedicated to particular functions.
If COMMANDCAPABLE is not defined as a valid security category for the system, no special limitations are imposed on users.
Whenever you add or delete the COMMANDCAPABLE security category, MARC and Transaction Server must be reinitialized for the change to take effect.
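The COMMANDCAPABLE rules above combine three conditions (whether the category is defined at all, whether the usercode carries it, and whether the station carries it or the usercode overrides station security) and a reduced command set for everyone who fails them. The following Python is an added example written for this page, not Unisys code. It models the decision as described, using the command list given above for the restricted state, and lets you check which MARC commands a given usercode/station pair would be allowed. The usercode and station records, the category-list representation and the sample names are constructed for the example; the stricter "ON only" behaviour stated for a MARC screen is not modelled separately.

```python
"""COMMANDCAPABLE access decision as described in the text (added example, not Unisys code)."""
from dataclasses import dataclass

# MARC commands the text lists as still accepted from a user without COMMANDCAPABLE status.
RESTRICTED_MARC_COMMANDS = frozenset(
    {"BYE", "CLOSE", "END", "ON", "PASS", "PURGE", "RESUME", "SUSPEND", "WINDOWS", "WRU"})


@dataclass(frozen=True)
class Usercode:
    name: str
    categories: frozenset = frozenset()          # security category list for the usercode
    station_security_override: bool = False      # STATION_SECURITY_OVERRIDE on the USER screen


@dataclass(frozen=True)
class Station:
    name: str
    categories: frozenset = frozenset()          # security category list for the station


def has_full_marc_access(user: Usercode, station: Station, commandcapable_defined: bool) -> bool:
    """Full Transaction Server and MARC access per the two log-on conditions in the text."""
    if not commandcapable_defined:
        # Category not defined as valid for the system: no special limitations for anyone.
        return True
    if "COMMANDCAPABLE" not in user.categories:
        # A usercode without the category is always restricted, whatever the station has.
        return False
    # Either the station also carries the category, or the usercode overrides station security.
    return user.station_security_override or "COMMANDCAPABLE" in station.categories


def marc_command_accepted(user: Usercode, station: Station,
                          commandcapable_defined: bool, command: str) -> bool:
    """Would this MARC command be accepted for the session? Restricted users get the short list."""
    if has_full_marc_access(user, station, commandcapable_defined):
        return True
    return command.strip().upper() in RESTRICTED_MARC_COMMANDS


if __name__ == "__main__":
    # Constructed sample data (names reused from the station-access example on this page).
    smith = Usercode("SMITH", frozenset({"COMMANDCAPABLE"}))
    plain_station = Station("ET1100123AB")
    capable_station = Station("ET1100123AB", frozenset({"COMMANDCAPABLE"}))
    for cmd in ("ON", "WRU", "RUN"):
        print(cmd, "at plain station:", marc_command_accepted(smith, plain_station, True, cmd),
              "| at COMMANDCAPABLE station:", marc_command_accepted(smith, capable_station, True, cmd))
```

The point worth keeping in mind when reviewing such a configuration: the station check is bypassed entirely by STATION_SECURITY_OVERRIDE, so that attribute deserves the same scrutiny as COMMANDCAPABLE itself, and a restricted user can still reach any window on their window list through ON.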
Transaction Code Access
The ability to use Transaction Server transaction codes (trancodes) is controlled by assigning security categories to the trancodes. When a trancode has a security category assigned to it, only a usercode, station, or program with that security category designated for it can use the trancode.

