Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

GUARDS - file protection via a special access profile (guard)

Access protection is provided by means of special access profiles known as GUARDS. This file protection mechanism is effective only if the GUARDS (Generally Usable Access contRol aDministration System) function unit of the software product SECOS has been loaded (see also the “SECOS” manual [8 (Related publications)]).

Access to a file is controlled by a guard, i.e. a special access profile that contains all the conditions under which access to the file may be granted or denied (e.g. date, time, specific time period, user ID). Each such access profile is created by means of an appropriate GUARDS command or macro and is stored as a “guard entry” in the “guard catalog” under a “guard name” assigned by the user. Every pubset has a guard catalog that is maintained independently of user files.

As far as file processing is concerned, a distinction must be made between associating a file with a guard entry and accessing a file protected by such an entry. A file is linked with a guard entry by entering a guard name in the appropriate operand of the macro or command used (CATAL; CREATE-FILE(-GROUP) or MODIFY-FILE(-GROUP)-ATTRIBUTES). A file protected by a guard can only be accessed if the conditions defined in the guard entry are fulfilled.

Activating GUARDS protection

GUARDS protection is activated only if at least one access mode has been linked with a guard entry (the operand value *NONE for READ/WRITE/EXEC in a macro or command is also considered to be a guard entry in this sense). It is not necessary for the access profile to have been defined in the guard catalog at this point. Each of the three access modes (read, write, execute) can be protected by means of a separate guard entry.

Unlike the ACCESS attribute, write access authorization with GUARDS does not imply read access authorization.

When GUARDS protection is activated for a file, all access modes which have not been explicitly defined are set to *NONE. The file cannot be accessed via these access modes.

It is only at the time of accessing a file protected with GUARDS that checks are performed to verify whether the specified guard entry exists (guard name), whether it may be used, and whether the access profile involved permits the user to access the file in the desired access mode.

Even co-owners of a guard-protected file have only those access rights defined in the guard entry.

If GUARDS protection is entered for a file in the file catalog, but no access profile has been defined in the guard catalog for the specified guard name (e.g. if the access profile has been deleted), the file cannot be accessed. Files protected by GUARDS can only be accessed if the GUARDS subsystem is loaded

Deactivating GUARDS protection

Existing GUARDS protection can be removed only by means of an explicit specification (using the operand GUARDS=NONE in the CATAL macro or MODIFY-FILE(-GROUP)-ATTRIBUTES command).

Powered by Atlassian Confluence and Scroll Viewport.