determination as to whether a given operator is authorized to do a given transaction.<br />MAGEC will first do all of its own security checking. If the transaction is rejected by the intrinsic checks, it will (cont.)<br />issue the standard "unauthorized..." message without ever calling the external security module; however, if MAGEC (cont.)<br />security parameters show the operator to be authorized, it will then call your module for further checking. If your (cont.)<br />module passes back an unauthorized status, a message is issued to the operator. If your module returns an authorized (cont.)<br />status, the transaction will be allowed to process.<br />The external security program you write is an ordinary, usually Command-Level Cobol, program which may issue calls to (cont.)<br />an interface provided with your external security system. You specify to MAGEC the name of that program in the MAGEC (cont.)<br />System Parameters table, Table #243. The parameter is named SECURITY-EXIT. Thus, you could enter the command (cont.)<br />online:<br />TBLCHG 243/SECURITY-EXIT<br />&nbsp;<br />and then set or alter the name of your security checking program. If you specify a name of all spaces, MAGEC will (cont.)<br />bypass attempting to call your program and only the intrinsic MAGEC security parameters will be (cont.)<br />used.<br />In order to write a security checking program you must follow a few simple conventions. Those conventions are discussed in this chapter under the heading Security Exit.<br />## <br />Bypassing MAGEC Security<br />Some MAGEC users may wish to bypass MAGEC's security checking altogether. Normally this would be because they have (cont.)<br />written a security exit program which will accomplish the necessary authorization checking instead.<br />To bypass MAGEC's security the MAGEC-SECURITY System Parameter should be set to NO. This can be done using the online command:<br />TBLCHG 243/MAGEC-SECURITY<br />&nbsp;<br />A setting of YES (the default) will allow normal MAGEC security checking, a setting of NO will bypass MAGEC's security checking altogether.<br />If you choose to bypass MAGEC's security you should be careful to consider that the activity logging and automatic menu (cont.)<br />systems are based upon the security parameters and ID's. Also,the employee ID in any audit stamp (maintained by the (cont.)<br />MAGEC I/O module) is taken from the employee number given when the operator logs on. With MAGEC's security bypassed, it (cont.)<br />is not necessary for an operator to log on to MAGEC in order to do any function; therefore, the empoloyee number would (cont.)<br />be zero.<br />One suggestion which might help minimize difficulties associated with bypassing MAGEC security is to have a (cont.)<br />SECURITY-EXIT program set a meaningful value into the employee number in the TWA security area. It could also set (cont.)<br />authorization levels to help the dynamic menu system in MAGEC to produce more concise menus.<br /># <br />Online Maintenance<br />## <br />LAP Definitions<br />Maintenance to the MAGEC LAP file is done online using the LAP File Maintenance Screen (see opposite page) and the (cont.)<br />LAPADD, LAPCHG, etc. Function Codes. The standard set of nine Functions is provided. The key value (nn) must be numeric (cont.)<br />and not less than 01 nor greater than 50. The LAP must be defined here before it can be specified as the Logical (cont.)<br />Application for any Function Code (FCD). The Main Menu screen (**MENU Function Code) is produced from the LAP file, it (cont.)<br />shows all the Logical Applications for which the Operator (who invoked the Menu) is authorized (has an Authorization (cont.)<br />Level greater than 0).<br />The SHORT NAME** is a four-character (or less) abbreviation for the Logical Application, such as: G/L, or A/P, for (cont.)<br />General Ledger or Accounts Payable, etc. It is used where there is insufficient space to show the LONG NAME, such as on (cont.)<br />the SIF and DVC Maintenance screens.<br />The** LONG NAME** is a 35-character (or less) name for the LAP which will be used where space permits, such as on the Main Menu.<br />Logical Applications are an important part of MAGEC security. However, since there is a limit of 50 LAP's it is wise to (cont.)<br />avoid indiscriminately using up all available numbers. The User View and Location Code security provide added (cont.)<br />dimensions which can logically subdivide the Logical Applications. For instance: an Operator at Headquarters, having (cont.)<br />the same Authorization Level for General Ledger as another Operator at a Remote Site, might actually possess vastly (cont.)<br />greater authorization access since many General Ledger Functions might be available only via a User View which the (cont.)<br />other Operator is not allowed to log onto.<br />**<br />NOTE:<br />**<br />When a new LAP is added it will be necessary to define Authorization Levels for it on the SIF and DVC profiles for those Operators and Devices which are to have access to it.<br />| ```<br />**<br />&nbsp;LAPxxx nn<br />&nbsp; M A G E C<br />LOGICAL APPLICATION DEFINITION<br />LOGICAL APPLICATION NUMBER= nn<br />&nbsp; SHORT NAME: ____<br />&nbsp; LONG NAME: ___________________________________<br />Press PF4 for browse (LOC) screen&nbsp; Press PF13 for Hardcopy<br />Press PF16 to Copy field to buffer&nbsp; Press PF17 to Paste data from buffer<br />Press PF2 for field-level HELP<br />```** <br />Figure 02 -- LAP File Maintenance Screen<br />## <br />FCD Definitions<br />Online maintenance to the FCD file is done using the FCD File Maintenance Screen shown on the facing page. The standard (cont.)<br />set of Function Codes is provided: FCDADD, FCDCHG, etc. The key value (ffffff) is a six-character Function (cont.)<br />Code.<br />The **DESCRIPTION** is a 30-character literal which will appear, among other places, on the third-level Menu screen.<br />The **LOGICAL APPLICATION NUMBER** is the number of the LAP to which this Function Code belongs, it must be defined on the LAP file to be valid.<br />The **LAP description** will be displayed beside the LAP number.<br />The parameters which appear under **TEST** and **PRODUCTION** headings apply to this Function depending whether in a TSnn or PRnn User View.<br />The **USER VIEWS** fields are to contain "masks" of Yes/No indicators (Y and N) to specify in which User Views this Function Code is to be allowed. A blank in any position is equivalent to an N.<br />The **MMP NUMBER** fields specify which program (MMP) is to be invoked by MAGEC to handle this Function Code.<br />The **AUTH LEVEL** specifies the Authorization Level (0 - 9) which the Operator/Device must possess in the LAP specified above in order to do this Function.<br />The **HOLD** flag may be set to Y (*Yes*, on hold) or N (*No*, not on hold) by the Security Officers.<br />The **AUTO EDIT** parameter specifies that the MAGEC Automatic Editing is to be done for this Function. Functions (cont.)<br />ending in ADD, CHG, and DUP must be specified Y (*Yes*). Other Functions may be Y or N. This allows non-standard (cont.)<br />Functions to take advantage of the Auto-Editing.<br />Central Security Officers may add or change any FCD record. Local Security Officers may only change those which their own Authorization Levels permit them to do.<br />| ```<br />**<br />&nbsp;FCDxxx ffffff<br />&nbsp; M A G E C<br />&nbsp; FUNCTION CODE DEFINITION<br />&nbsp;FUNCTION CODE= ffffff DESC:&nbsp;___________________________<br />&nbsp;LOGICAL APPLICATION NUMBER:&nbsp; __ _______________________________<br />TEST PRODUCTION<br />87654321 87654321<br />USER VIEWS:&nbsp;________ USER VIEWS:&nbsp;________<br />MMP NUMBER:&nbsp;___ MMP NUMBER:&nbsp;___<br />AUTH LEVEL:&nbsp;_ AUTH LEVEL:&nbsp;_<br />&nbsp; HOLD:&nbsp;_ HOLD:&nbsp;_<br />THIS FUNCTION WILL INVOKE AUTO EDIT (Y OR N):&nbsp;_<br />Press PF4 for browse (LOC) screen&nbsp; Press PF13 for Hardcopy<br />Press PF16 to Copy field to buffer&nbsp; Press PF17 to Paste data from buffer<br />Press PF2 for field-level HELP<br />```** <br />Figure 03 --&nbsp; FCD File Maintenance Screen<br />## <br />**LOAD Function<br />Security data is maintained on online Dictionary files but is transferred into main memory tables for run-time (cont.)<br />efficiency. Data from the FCD-File, DCL-File, ELT-File, and KYF-File are handled this way for use by the Security (cont.)<br />system and other MAGEC Features.<br />When the Security Officer does an update to the FCD-File, for example, the file record is changed, but not the (cont.)<br />in-memory image. At system start-up time (when the TP Monitor is "brought-up") these in-memory images are loaded from (cont.)<br />the files. In order to permit dynamically changing Security parameters without stopping and starting the TP Monitor; a (cont.)<br />special Function is provided for Security Officers (and others who need it). The Function is:<br />**LOAD xxxxxxxx<br />&nbsp;<br />where:<br />xxxxxxxx<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />= "ONLY FCD" or "ONLY DB " or "ALL "<br />Any other value defaults to "ALL ". This permits reloading only the Function Code Table from the FCD-File or only the (cont.)<br />database definitions from the DB definition files or all of them. The loading of these in-memory tables will take (cont.)<br />(usually) 30 to 60 seconds during which MAGEC must quiesce online processing. Any operator who enters a transaction (cont.)<br />while the tables are being loaded will receive the message:<br />SYSTEM LOADING - ONE MOMENT<br />&nbsp;<br />The operator's screen will not be destroyed. Pressing ENTER (or any other transmit key) again will retransmit the same transaction.<br />## <br />Auto-Generated FCD's<br />When a new application is generated containing the standard set of nine Function Codes, MAGEC automatically generates (cont.)<br />the nine FCD entries in order to reduce the work of the Security Officers. It generates them with the LAP code set to (cont.)<br />50 (Testing) and all Production User-Views set to N and all Test User-Views to Y. The Security Officers may alter them (cont.)<br />at will, usually after Testing is complete and they are ready to "put into Production".<br />It is important to note that the way that MAGEC knows whether an application is using the standard set of nine (cont.)<br />functions, as opposed to custom functions, is by checking whether the developer has done any customization in the (cont.)<br />Insertion Point named %FUNCT. If there is no customization for %FUNCT then the MMPCRE program will automatically (cont.)<br />generate definitions for the nine standard fucntions. If there is custom code for %FUNCT, then it will not generate any (cont.)<br />such definitions, the developer will have to add the definitions using the online FCDxxx functions. If a developer (cont.)<br />wishes to create an application which supports a set of functions which is similar to the standard functions (possibly (cont.)<br />with some added functions or a few of the standard ones removed), then it is usually easier to first generate the (cont.)<br />application once with no %FUNCT customization, then to add the customization for %FUNCT and re-generate. That way (cont.)<br />MMPCRE will save the developer work by generating the standard definitions, which can be easily altered or added to (cont.)<br />online.<br />| ```<br />**<br />&nbsp;***LOAD xxxxxxxx nnnn Functions Loaded<br />```** <br />Figure 04 --&nbsp; Security Table Reload Screen<br />## <br />Global FCD Changes<br />You will often want to be able to make changes to a group of function code definitions, therefore MAGEC provides a global change facility to help you to aviod having to do many individual updates.<br />The global change facility uses the function code: FCDGBL. There are two formats for the command.<br />FCDGBL<br />&nbsp;<br />FCDGBL xxxxxx<br />&nbsp;<br />In the first format (with a blank "key" value), you will be presented a screen into which you are to enter change parameters. The screen will have all its enterable fields filled with underscores.<br />In the second format (with xxxxxx = a valid function code), you will be presented a screen with the enterable fields (cont.)<br />filled in using values copied from the function code specified (xxxxxx). This enables you to use "model" function codes (cont.)<br />you have set up to reduce your keystrokes and opportunity for errors.<br />On this first screen you are to specify which fields you wish to update. Any fields which are set to blanks (cont.)<br />(underscores are equivalent to blanks) will not be updated at all. You must specify a non-blank value in at least one (cont.)<br />field in order to continue.<br />This screen **does not update** any records, nor does it specify which records are to be updated. It merely captures (cont.)<br />the values to be used for the fields to be updated *when* you select which records are to be updated (that will happen (cont.)<br />later).<br />Pressing PF10 indicates that you have entered the values and wish to proceed to the next step. Pressing PF3 will back (cont.)<br />you up in the sequence, or back you out of the FCDGBL function altogether. PF key instructions are displayed on every (cont.)<br />screen throughout the sequence.<br />When you proceed forward, the next screen will simply give you some instructions and tell you to press ENTER to (cont.)<br />continue. It will display the field value(s) you have entered, but the screen fields will be protected so that you (cont.)<br />cannot alter them from here. After reading the instructions you should press ENTER to proceed forward. The next step (cont.)<br />will be a scan-like function very similar to MAGEC's standard xxxSCN functions.<br />You can enter a selection mask to produce a list (one screenful at a time) of functions which are candidates to be (cont.)<br />updated. **No updating will take place yet**. You will merely create a list of items from which you can then make your (cont.)<br />selections.<br />The items which match your selection mask will be listed on the screen with an ACTION code of "Change" initially shown. (cont.)<br />You can use the cursor and PF keys to toggle each item's action code from Change to Skip and vice-versa. When you have (cont.)<br />set all of the action codes as you wish, you just press PF10 to initiate the updating. **Now, it will update records**. (cont.)<br />All items which have their action codes set to Change will be updated. Only the fields specified with non-blank values (cont.)<br />in the first screen will be altered. You will receive a display showing OK in the action codes for the items (cont.)<br />updated.<br />If there are more items which match your selection mask (for the scan operation), you can press ENTER to page forward for more candidate functions.<br />| ```<br />**<br />FCDGBL xxxxxx Enter values in fields to be changed<br />&nbsp; M A G E C GLOBAL FUNCTION CODE MAINTENANCE<br />&nbsp;<br />&nbsp;FUNCTION CODE&nbsp;DESCRIPTION:&nbsp;___________________________<br />&nbsp;LOGICAL APPLICATION NUMBER:&nbsp; __ _______________________________<br />TEST PRODUCTION<br />87654321 87654321<br />USER VIEWS:&nbsp;________ USER VIEWS:&nbsp;________<br />MMP NUMBER:&nbsp;___ MMP NUMBER:&nbsp;___<br />AUTH LEVEL:&nbsp;_ AUTH LEVEL:&nbsp;_<br />&nbsp; HOLD:&nbsp;_ HOLD:&nbsp;_<br />THIS FUNCTION WILL INVOKE AUTO EDIT (Y OR N):&nbsp;_<br />Enter new values into those fields which you wish to change, blanks into those<br />you do not wish to change. No updating occurs now, you will select records you<br />wish to have updated later. PF3 = ABORT PF10 = CONTINUE<br /><br />next: sec04.md.txt