LogoLogo
ProcMan Admin Guide V6.0.0
ProcMan Admin Guide V6.0.0
  • Welcome
  • Release Notes
  • Installation
    • System Requirements
    • Prerequisites
    • Component Overview
    • Before the installation
      • Required authorizations
      • Required persons
      • Preparation of the installation
    • ProcMan Installation Guide
      • DB2 Client Installation and configuration
      • Step 1: Adjust the windows code page
      • Step 2: Installation of HWF (HORIZONT Web Framework)
      • Step 3: Activate the DB2 PHP Extension
      • Step 4: Installation of ProcMan
      • Step 5: Set up HWM (HORIZONT Workflow Manager)
      • Step 6: Setting up the configuration files
        • Initial setup of hos_db_config.php
        • Initial setup of hos_config2.php
        • Environment files
      • Step 7: Check installaton and change admin password
      • Step 8: Web Server configuration
        • ProcMan server certificate
        • Client certification
        • HTTP configuration
      • Encrypted secure LDAP communication
      • Communication with external systems
  • ProcMan Update Guide
  • Installation and customization JCL z/OS part
    • Installation overview
    • Setting up TLS Communication
    • Installation steps on z/OS
    • Update installation steps on z/OS
    • Post Installation tasks and customization at z/OS
    • Administration dialog z/OS
    • JCL Rules syntax and help
    • JCL Examples
      • xxSADUMP
      • xxSJCUST
      • xxSDELD
      • xxSJFCNT
      • xxSJVSFL
  • Administration Dialog
    • General structure
    • Definitions
      • Clients
      • Roles
      • Accounts
        • Accounts list
        • Creating a new account
        • Importing accounts via LDAP
        • Configuring authentication z/OS system
        • Editing an account
        • Changing password
        • Deleting accounts
      • Timezone assignment
      • Role assignment
        • Roles / Users list
        • Users to role assignment
        • Roles to user assignment
      • Calendars
      • Calendar assignment
      • Search areas
      • Actions
      • Global definitions
      • Process definitions
      • Object browser
    • Tools
      • Deleted Processes
      • Automaton
      • Transfer Case
      • Encryption
      • Log Files Administration
      • Benchmark
      • Savepoints
      • Web Server Restart
    • Utilities
      • User information update (hwm_update_accounts)
      • Role assignment (hwm_update_user_roles)
      • Certificate request generation (hwm_cert_request)
      • Export of libraries from archive (hwm_export_zos_library)
      • Report generation (hwm_process_report)
      • Triggering autoexecution of activities (hwm_autoexec)
      • Maintenance of the custom_data table (hwm_custom_data)
      • Benchmark (hwm_benchmark)
    • Rest-API Interface
      • Usage of the RestAPI
        • RestAPI GUI by ProcMan
        • cURL utility
      • REST-API Modules
        • m_environment
        • m_jcl_approve
        • m_jcl_confirm
        • m_jcL_fillforms
        • m_jcl_generate
        • m_jcl_check_parallel
        • m_jcl_select_file_arc
        • m_jcl_select_file_sys
        • m_jcl_change
        • m_tws_adhoc_appl
      • RestAPI Troubleshooting
  • Modules customization
    • Customization JCL Module
      • File Formats
      • Basic configuration
        • hos_config.php
          • debug_screen_enabled
          • debug_files_enabled
          • debug access
          • debug_ml
          • hos_version
        • hos_config2.php
          • base_tmp_dsn
          • duplicate_member
          • environment
            • codepage
            • exclude_delete
            • jcl_dd_forms
            • jcl_osj
            • jcl_result_files
            • jcl_supported_statements
            • target_mirror
            • task
            • temp_dsn_alloc_site
            • tmp_dsn_alloc_site_ps
            • template
            • zos_tech_user
            • template_dsn_cntl
            • base_tmp_dsn
          • file_list_column
          • jobname_format
          • list_limit
          • member_processing_method
          • member_spearator
          • pager
          • passwords
          • ps_transfer
          • reload_environment
          • remove_from_archive_on_delete
          • rot_client_code_page
          • rot_ini_file
          • rot_separator
          • script_access_log_file
          • syntax_highlighter
          • syntax_highlighter_combo
          • system_mapping
          • template_dsn_cntl
          • tmp_dir
          • web_code_page
          • xinfo
          • zos_tech_user
        • hos_db_config.php
        • hos_jcl_config.php
        • hos_sysin_config.php
        • horcclnt.ini
      • Process configuration
      • Dictionary
      • User forms
        • <groups> XML section
        • <group> XML section
        • <item> XML section
          • wai_input
          • wai_select
          • hidden
          • multiline
          • freetext
          • text
        • FORMCONT table
    • Customization IWS ZOS Module
      • IWS Configuration
      • Process configuration
      • Environment configuration
      • IWS Additional Data
        • Configuration of IWS additional data
        • Configuration of structure of IWS additional data
        • Database structure IWS additional data
        • Import & export of IWS additional data
          • Options for tws_addata command line utility
          • Example usage of tws_addata command line utility
      • IWS Rules
        • Input data and output data
        • IWS rules basic configuration
        • IWS rules configuration in process configuration
        • Database structure for IWS rules – lookup table
        • INIT element
        • Processing elements
          • Processing element TEST
          • Processing element PARALLEL_CHECK inside TEST element
          • Processing element CHECK
          • Processing element CHANGE
          • Change Runcycle offsets
          • Processing element INSERT
          • Processing element DELETE
          • Processing element MESSAGE
        • Conditions element COND
        • Conditions element OICOND
        • Substring operation
        • Logging of IWS rules processing
      • IWS ADHOC
        • IWS ADHOC SIMPLE process
        • IWS ADHOC ON DEMAND process
        • IWS ADHOC ONE TIME process
        • Settings for creation and update of JCL scripts
      • IWS CP
        • Modifying operations in current plan
          • Configuring JCL edit task for CP operation
      • IWS Object Browser
      • Automatic Activities
      • Customizing IWS Processes
        • Customizing process messages
        • Customizing list of AD applications
          • Customizing the selection criteria using app_sec
          • Customizing the AD list result using tws_sec
        • Customizing picker lists
          • Customize picker lists using app_sec
          • Configuring picker list using tws rules lookup
        • Customizing parallel IWS application modifications
        • Customizing technical user for z/OS
        • Customizing IWS systems with process definition parameter
    • Customization Control-M Module
      • Prerequisites
      • Installation
      • Configuration
        • Configuration files
        • Actions
        • Process and object parameter definitions
      • Examples
        • Configuration of the communication with Control-M
        • Call configuration file
        • Rules configuration file
        • Actions
        • Process
        • Object Browser
      • Automatic Activities
      • Starting Activities Via Rest API
    • Customization Universal Object Module
      • Configuration
        • Configuration files
          • hos_docu_config.php
          • hos_docu_call_config.php
        • Actions
          • Activity actions
          • Report action
          • Cleanup action
          • Object Browser action
        • Process and object parameter definitions
      • Example
        • Configuration file
        • Actions
        • Process
        • Object Browser
      • Automatic Activites
      • Starting Activities Via Rest API
        • Request
        • Response
        • Automatic activities
  • JCL Rules
    • Introduction
    • Basics
      • Comments
      • Variables
      • Data Types
      • Operators
      • Functions
      • Rules
      • Expressions
      • Conditions
      • Loops
      • Includes
    • Examples
    • Keywords
    • Statements
    • Functions
      • Debugging
      • Date & Time
      • Forms
      • Lists
      • ProcMan Objects
      • Process Information
      • SmartJCL Objects
      • Strings
      • Variables
      • Other
      • Testing
      • XML
    • Predefined Constants
  • FAQs, Tipps & Tricks, etc
    • ProcMan Tipps & Tricks
      • HWM
      • APP_SEC
      • Useful php functions
Powered by GitBook
On this page
Export as PDF
  1. Modules customization
  2. Customization IWS ZOS Module
  3. Customizing IWS Processes
  4. Customizing list of AD applications

Customizing the AD list result using tws_sec

For ProcMan 4.0.11. and later you can put restrictions to the AD list to individual users or ProcMan groups. The (key) settings are always connected to three parameters:

ProcMan Client, Process name, Limit setting (a flag or string in process configurations and tws_sec table).

Limit setting can be specified in modules m_tws_ad_appl_sel and m_tws_ad_appl_load.

In module m_tws_ad_appl_sel it is configured in interface i_tws_ad_appl_sel.

In module m_tws_ad_appl_load it is used in interfaces for selections: i_tws_ad_appl_sel_mod, i_tws_ad_appl_sel_del.

Interface i_tws_ad_appl_sel_mod is used to select AD for modification and copy.

Interface i_tws_ad_appl_sel_del is used for selection AD for delete.

Example setting in process config, sel setting is used for modification and copy, del setting is used for delete

'name' => 't0140',
        'type' => 'task',
        'module' => 'm_tws_ad_appl_load',
          'input' => array (
             'i_environment' => '',
             'i_tws_ad_appl_sel_mod' => 'tws_target_system="source",
                 interrupt=false, limit="sel"',
             'i_tws_ad_appl_sel_del' => 'tws_target_system="source",
                 interrupt=false, limit="del"',
             'i_tws_ad_appl_mod' => 'interrupt=true',
             'i_tws_ad_appl_ins' => '',
             'i_tws_ad_appl_del' => 'interrupt=false',
             'i_tws_ad_oper_load'=> 'silent=false',
   ),

In the bin directory of ProcMan is commandline utility tws_sec. This utility can import or export settings from csv file.

Columns in csv file

  • Role – ProcMan role

  • User – ProcMan Account (login user)

  • Adid – IWS Application ID

  • Adowner – IWS Owner ID

  • Adgroupid – IWS Authority group ID

  • Jobname – jobname, this column can be used in ProcMan 5.0.3 and higher

For all setting you can use wildcards:

  • wildcard represents zero, one or multiple characters

% wildcard represents exactly one character

Example hos_sec.csv file with settings,

role,user,adid,adowner,adgroupid

role,user,adid,adowner,adgroupid
D*,P370V,%V*,,
D*,P370V,T*,,
D*,P371B,%P*,,
D*,P371B,T*,,
D*,P3*,TE*,P*,

For all setting you can use parameters from ProcMan process with the expression %(<parameter name>).

Example for security using ProcMan parameter ADHOC_APP loaded from ProcMan process

role,user,adid,adowner,adgroupid
D*,P370J,%%%(ADHOC_APP).*,,

Conditions in one line are connected with logical AND operator – role D* AND user P370V AND application ID is %V*.

More lines with identical user and role are connected with logical OR operator, in our example for role D* and user P370V the applications ID can be %V* or T*.

In cmdline you can import this csv file to ProcMan client HORIZONT and process IWSZ_TEST with command

tws_sec -f hos_sec.csv -c HORIZONT -p IWSZ_TEST -l sel -o import

to get the syntax enter tws_sec without parameter or with -h:


tws_sec -h 

script for export and import of security data for ProcMan -IWSz
  -h  Show this help menu
  -o  Option for manipulation -  import, export, delete, show
  -f  Filename for command output or input
  -c  ProcMan  client name
  -p  ProcMan  process name
  -l  ProcMan  setting limit in process config
  -m  file export mode, w - overwrite existing file, a - append existing file
example usage:
 tws_sec -o show
  - shows summary of all security data
 tws_sec -f sec1.csv -c HORIZONT -p IWSZ_ADHOC -l sel -o import
  - import data from file sec1.csv to ProcMan  process IWSZ_ADHOC,
     client HORIZONT, limit setting sel
 tws_sec -f sec2.csv -c HORIZONT -p IWSZ_ADHOC -l sel -m w -o export
  - export data to file sec2.csv from ProcMan  process IWSZ_ADHOC,
     client HORIZONT, limit setting sel
 tws_sec -c HORIZONT -p IWSZ_ADHOC -l sel -o delete
  - delete data from ProcMan  process IWSZ_ADHOC, client HORIZONT,
      limit setting sel

The security setting always apply only one combination of role and user that has the best match for the current user.

In our example when user P370V log in process IWSZ_TEST then settings for user P370V and role D* are applied, the general setting for user P3* and D* is ignored.

In our example when user P370C log in process IWSZ_TEST then settings for user P3* and D* are applied, all specific settings for users P370V and P371B are ignored.

Alternative to csv file it is possible to insert data directly to database table twaz_hos_sec by SQL INSERT.

Columns in Table procman.TWAZ_HOS_SEC (all varchar):

  • FLAG,

  • CLIENT_NAME,

  • PROCESS_NAME,

  • ROLE_NAME,

  • USER_NAME,

  • ADID_COND,

  • ADOWNER_COND,

  • ADGROUPID_COND,

  • JOBNAME_COND

Sample Insert, to allow user P370V to select in process IWSZ_TEST applications T* only:

 
INSERT INTO procman.TWAZ_HOS_SEC VALUES (      
   'sel',                                      
   'HORIZONT',                                 
   'IWSZ_TEST',                          
   'D*',                                       
   'P370V',                                    
   'T*',                           
   '',                                         
   '',
   ''                                          
   );
PreviousCustomizing the selection criteria using app_secNextCustomizing picker lists

Last updated 1 month ago