Macros
A user with user ID GENERAL uses the CATAL macro to define protection attributes for a number of files in an Assembler program:
    CATAL FIL1,...,STATE=*UPDATE,SHARE=*NO,ACCESS=*READ                      (1)
    CATAL FIL2,...,STATE=*UPDATE,SHARE=*YES,ACCESS=*READ                     (2)
    CATAL FIL3,...,STATE=*UPDATE,SHARE=*YES,WRPASS=C'007'                    (3)
    CATAL FIL4,...,STATE=*UPDATE,SHARE=*YES,RDPASS=C'0815',DELDATE='+150'    (4)
    CATAL FIL5,...,STATE=*UPDATE,SHARE=*YES,RDPASS=C'1111',EXPASS=C'2222',
          RETPD=20                                                           (5)
    CATAL FIL6,...,STATE=*NEW,PROTECT=(*FROM-FILE,FIL5),DESTROY=*YES,
          BASACL=*STD                                                        (6)
See below under “Commands” for an explanation of these program lines.
As an alternative, the FILE macro can be used to define or modify the protection attributes. The protection attributes are also evaluated by the selection criteria of FSTAT and ERASE.
Commands
A user with user ID GENERAL defines protection attributes for a number of files in a procedure or in a dialog:
    /MODIFY-FILE-ATTRIBUTES FIL1,...,USER-ACCESS=*OWNER-ONLY,ACCESS=*READ    (1)
    /MODIFY-FILE-ATTRIBUTES FIL2,...,USER-ACCESS=*ALL-USERS,ACCESS=*READ     (2)
    /MODIFY-FILE-ATTRIBUTES FIL3,...,USER-ACCESS=*ALL-USERS,
          WRITE-PASSWORD=C'007'                                              (3)
    /MODIFY-FILE-ATTRIBUTES FIL4,...,USER-ACCESS=*ALL-USERS,
          READ-PASSWORD=C'0815',FREE-FOR-DELETION=+150                       (4)
    /MODIFY-FILE-ATTRIBUTES FIL5,...,USER-ACCESS=*ALL-USERS,
          READ-PASSWORD=C'1111',EXECUTE-PASSWORD=C'2222',
          EXPIRATION-DATE=+20                                                (5)
    /CREATE-FILE FIL6,...,PROTECTION-ATTR=*FROM-FILE(FILE-NAME=FIL5),
          DESTROY-BY-DELETE=*YES,BASIC-ACL=*STD                              (6)
As an alternative, the protection attributes can be defined using the commands CREATE-FILE and ADD-FILE-LINK and are also evaluated by the selection criteria of SHOW-FILE-ATTRIBUTES and DELETE-FILE.
(1) Only users working under the user ID GENERAL, the user ID of a co-owner or under TSOS (for restrictions see "Restrictions on TSOS co-ownership") can access the file FIL1. Note, however, that write access is not permitted.
(2) The file FIL2 is shareable, i.e. access by jobs running under other user IDs is permitted. Write access is, however, prevented by ACCESS=*READ.
(3) The file FIL3 is also shareable.
(4) The file FIL4 is again shareable. If it contains an executable program or a procedure, this can be executed by any user ID. Read or write access to FIL4 is possible only by specifying the password C'0815'. DELDATE and FREE-FOR-DELETION serve to define a period (150 days as from this day) after which the file may be deleted irrespective of access control.
(5) The file FIL5 is shareable, but no access is possible without a password. Entering the execute password C'2222' permits the file to be called via commands such as START-PROGRAM or CALL-PROCEDURE (for a program or procedure file, respectively). If the read password C'1111' is specified, the user can execute the program or procedure or can read, modify or delete the file. Once the retention period of 20 days has expired, the user may modify or delete the file if he/she specifies the read password.
(6) The new file FIL6 is to be assigned the same protection attributes as file FIL5. However, the file is to be overwritten with binary zeros in the event of releasing storage space, irrespective of the value specified for FIL5. Access control via BACL is activated. The following values are set for *STD when a new catalog entry is created: the file owner is automatically granted all access rights (read, write, execute), group members and “others” are assigned no access rights.
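The rules in (1) to (6) can be checked mechanically to see which operations each file leaves open to a foreign user ID that knows no password. The following Python model is an added example, not part of the BS2000 documentation or its interfaces; the names `Attrs`, `allowed` and `exposure` are hypothetical. It assumes the password ranking implied by (4) and (5), that the write password in (3) gates write access only (the page does not spell this out), and that passwords apply to the owner as well.

```python
from dataclasses import dataclass, replace
from typing import Optional

LEVEL = {"exec": 0, "read": 1, "write": 2}  # "write" covers modify and delete

@dataclass
class Attrs:
    user_access: str = "OWNER-ONLY"      # or "ALL-USERS"
    access: str = "WRITE"                # or "READ"
    read_pw: Optional[str] = None
    write_pw: Optional[str] = None
    exec_pw: Optional[str] = None
    retention_days: int = 0              # RETPD=n / EXPIRATION-DATE=+n
    bacl_std: bool = False               # BASIC-ACL=*STD: group/others get nothing

def allowed(f, op, owner=False, known=(), age_days=0):
    """Simplified decision: may the caller perform op on file f?
    owner=True stands for the owner, a co-owner or TSOS."""
    if not owner and (f.user_access == "OWNER-ONLY" or f.bacl_std):
        return False
    if op == "write" and (f.access == "READ" or age_days < f.retention_days):
        return False
    pws = {"exec": f.exec_pw, "read": f.read_pw, "write": f.write_pw}
    # Passwords set at or below the rank of op gate the operation.
    gate = [LEVEL[k] for k, v in pws.items() if v and LEVEL[k] <= LEVEL[op]]
    if not gate:
        return True
    # The highest gating password, or any higher-ranking one, opens it.
    return any(v in known for k, v in pws.items() if v and LEVEL[k] >= max(gate))

def exposure(f):
    """Operations open to a foreign user ID that knows no password."""
    return {op for op in LEVEL if allowed(f, op)}

# Constructed from the six numbered lines on this page.
FIL5 = Attrs("ALL-USERS", read_pw="1111", exec_pw="2222", retention_days=20)
FILES = {
    "FIL1": Attrs("OWNER-ONLY", access="READ"),
    "FIL2": Attrs("ALL-USERS", access="READ"),
    "FIL3": Attrs("ALL-USERS", write_pw="007"),
    "FIL4": Attrs("ALL-USERS", read_pw="0815"),
    "FIL5": FIL5,
    "FIL6": replace(FIL5, bacl_std=True),  # PROTECT=(*FROM-FILE,FIL5) + BASACL=*STD
}

if __name__ == "__main__":
    for name, f in FILES.items():
        print(name, sorted(exposure(f)))
```

Running it shows that FIL2 and FIL3 are readable by any user ID and FIL4 is executable by any user ID, while FIL1, FIL5 and FIL6 expose nothing without ownership or a password.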