Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

Defining co-ownership (co-owners)

Using SECOS, object owners can define the objects for which they wish to designate coowners together with the access conditions that these co-owners must fulfil when making administrative access attempts. The object owner is the user ID under which the object was created. Objects may take the form of files, job variables or libraries.

A co-owner is a user ID which is different from that of the object owner but which possesses the same rights as the object owner with regard to a specific object.

In general, the following applies to co-owners: all read, write and execute accesses to files are controlled by rules deriving from traditional file protection mechanisms:

  • If a file is protected via SHARE/ACCESS or BASIC-ACL then a co-owner has the same read, write and execute rights as the file's owner.

  • If a file is protected by GUARDS then access control is performed by evaluating the access conditions which are defined in STDAC guards.

  • If a file is encrypted with a crypto password, access to the content can only take place after the crypto password has been entered.

Using the following commands:

  • ADD-/MODIFY-/REMOVE-/SHOW-COOWNER-PROTECTION-RULE and

  • ADD-/MODIFY-/REMOVE-/SHOW-ACCESS-CONDITIONS

Co-owners can be defined, displayed and removed.

If co-owners create files under a different ID and then protect these with an STDAC guard, then before accessing the file they must ensure that their ID possesses the necessary access rights. At the same time, file owners should be aware that co-owners can prevent them from accessing data.

However, both file owners and co-owners can use the MODIFY-FILE-ATTRIBUTES command at any time to recover unrestricted access rights.

Powered by Atlassian Confluence and Scroll Viewport.