USER1 wants to give USER2 the right to create and administer files under his/her own user ID (USER1) provided that the file name contains the string “TEST”.
USER1 defines a condition guard COND1 which gives USER2 access that is unrestricted in terms of time constraints.
/create-guard cond1,user-inf='Zugriffsbedingungen fuer Coowner'
/add-access-conditions guard-name=cond1, -
/ subjects=*user(user-identification=user2)
|
Then USER1 defines a rule container COO1 which contains a co-ownership rule. This specifies that the access conditions for the co-owners of the files whose name matches the pattern “*TEST*” are defined in the condition guard COND1.
/create-guard coo1,user-inf='Coowner-Regelbehaelter'
/add-coowner-protection-rule rule-container-guard=coo1, -
/ protection-rule=rule1, -
/ protect-object=*parameters(name=*test*,condition-guard=cond1)
|
For monitoring purposes, USER1 outputs information about all the guards and the rule container COO1. Precondition: no guards may have been present under the user ID USER1 at the start of this example session.
/show-guard-attributes
Guard name Scope Type Creation Date LastMod Date
----------------------------------------------------------------------------
:DEL1:$USER1.COND1 USR STDAC 2011-04-19/10:35:47 2011-04-20/11:36:33
Zugriffsbedingungen fuer Coowner
:DEL1:$USER1.COO1 USR COOWNERP 2011-04-19/10:37:26 2011-04-20/11:38:53
Coowner-Regelbehaelter
----------------------------------------------------------------------------
Guards selected: 2 End of display
/show-coowner-protection-rule coo1
----------------------------------------------------------------------------
RULE CONTAINER :DEL1:$USER1.COO1 COOWNER PROTECTION
----------------------------------------------------------------------------
RULE1 OBJECT = *TEST*
CONDITIONS = $USER1.COND1
TSOS-ACCESS = SYSTEM-STD
----------------------------------------------------------------------------
RULE CONTAINER SELECTED: 1 END OF DISPLAY
|
Since the name of the rule container does not comply with the naming conventions for rule containers it is simply used to prepare the default protection rule. USER2 as yet has no coownership rights for files under the user ID USER1, as is indicated by the call of the SHOW-COOWNER-ADMISSION-RULE command under the ID USER2.
/show-coowner-admission-rule $user1.*
COO3316 NO COOWNER PROTECTION ACTIVE
To activate co-ownership protection, USER1 renames the inactive rule container COO1.
/mod-guard-attr guard-name=coo1,new-name=sys.ucf
USER1 displays the contents of the now active rule container.
/show-coowner-protection-rule
----------------------------------------------------------------------------
RULE CONTAINER :DEL1:$USER1.SYS.UCF ACTIVE COOWNER PROTECTION
----------------------------------------------------------------------------
RULE1 OBJECT = *TEST*
CONDITIONS = $USER1.COND1
TSOS-ACCESS = SYSTEM-STD
----------------------------------------------------------------------------
RULE CONTAINER SELECTED: 1 END OF DISPLAY
|
USER2 checks which rules make him or her a co-owner of files belonging to the user ID USER1.
/show-coowner-admission-rule $user1.*
----------------------------------------------------------------------------
COOWNER RULES FOR FILE :DEL1:$USER1.*
----------------------------------------------------------------------------
RULE1 OBJECT = *TEST*
CONDITIONS = $USER1.COND1
----------------------------------------------------------------------------
RULES SELECTED: 1 END OF DISPLAY
|
USER2 can now create the file TESTTEST under $USER1.
/create-file $user1.testtest
/show-file-att $user1.testtest
0000003 :DEL1:$USER1.TESTTEST
:DEL1: PUBLIC: 1 FILE RES= 3 FRE= 3 REL= 3 PAGES
|
