Using the SSM Command
The SSM (Security System Maintenance) command allows you to set up system security by defining network profiles for PLIds, user profiles for user-ids and associated security profiles, environment settings, encryption keys and password definitions.
Command class
Cataloged DataBasic program
Syntax
SSM
Restriction
SYSMAN account only.
SSM screen
On entering SSM at TCL, the following screen is displayed.
S E C U R I T Y S Y S T E M M A I N T E N A N C E
===============================================================================
1. Define Network Profiles
2. Define User Profiles
3. Define Security Profiles
4. Define Environment Settings
5. Define Encryption Keys
6. Define Password Definitions
Enter profile number. >
Options 1 to 3 are used to maintain network profiles, user profiles, and security profiles. Option 4 allows you define alternative Reality operating environment settings. Option 5 allows you to define encryption keys, which can then be used to encrypt your data. Option 6 allows you to configure user and account password definitions, including minimum and maximum password length; allowed patterns of alphabetic, numeric and special characters; sequences of ascending or descending characters; and so on.
To select one of these options enter 1, 2, 3, 4, 5 or 6 at the prompt. To return to TCL, press RETURN.
Common features of profiles screens
The screens for the three types of profile — network, user and security — are all used in a similar way.
At the prompt, you can:
-
Enter the ID of a profile to define or update.
-
Enter
?to list the defined profiles. -
Enter
Dto update the default profile. -
Enter
*to update the current profile.SSM displays your current PLId,
user-id or security profile as appropriate, with the assigned profile (if any) or else the DEFAULT profile. -
Press RETURN to return to the SSM screen.
The cursor waits at the prompt until you do this. On specifying an ID, the screen shows the appropriate profile:
-
If you specify an existing profile, SSM reads the profile from the appropriate item in the NETWORK, USERS or SECURITY file.
-
If you specify an ID that is not on file, SSM prompts as follows:
'profile-id' is a new item.
:
Enter an existing ID to use as a template; (CR) for DEFAULT; EX to exit;Enter the ID of the item that you want to use as a template. This can save you having to enter much of the profile information. Alternatively, if you press RETURN, a DEFAULT profile is displayed (or, if missing, a system default profile).
Thereafter, at the screen prompt, you can:
-
Enter the number in the range 1 to the maximum field number, to edit an attribute in the profile.
-
Enter
EXto return to TCL without creating or modifying the profile. -
Enter
FIto save the displayed profile item in the appropriate file. -
Enter
FDto delete the displayed profile item from the file.
Any other response results in an error message.
For each option or attribute selected, an information prompt is displayed in the middle of the screen along with a help message at the bottom of the screen. Input is typed at the information prompt and can be one of the following:
-
A numeric value.
-
YorN, for yes or no, respectively. -
A character string.
-
The help character - a question mark (
?).
A character string is a sequence of alphanumeric characters, as in a name or description, or a list of values. Some of the data in the security files is multivalued so that you can add or delete specific values within the value string, or just type the entire string. If you type the entire string, the values must be separated with a comma (,). You can remove multivalued data by typing a backslash (\). This nulls the entire attribute.
If you type the help character (?), a help message is displayed and you are prompted again. Multivalued data automatically displays the help message along with the current values for the option selected, if any exist.
NETWORK file maintenance options, USERS file maintenance options and SECURITY file maintenance options describe the options available in the three types of profile including their purpose, the prompts displayed and the input required at each prompt.