Access to a file can be made dependent on the access mode and the access rights.
The file owner can use the ACCESS operand of the CATAL macro and the commands CREATE-FILE, MODIFY-FILE-ATTRIBUTES, CREATE-FILE-GROUP and MODIFY-FILE-GROUP-ATTRIBUTES to define the type of file access to be permitted.
ACCESS=WRITE | Read and write access are permitted. |
ACCESS=READ | Only read access is permitted. |
With standard access control, execute access can only be restricted indirectly by assigning an EXECUTE password (see section "Access to password-protected files").
The SHARE operand of the CATAL macro is used to define which user IDs may access the file using the access modes defined above:
SHARE=NO | Only the file owner can access the file. |
SHARE=YES | All user IDs may access the file with the exception of user IDs which possess the privilege HARDWARE-MAINTENANCE but not the STD-PROCESSING privilege (see note). |
SHARE=SPECIAL | All user IDs may access the file. |
In the commands CREATE-FILE and MODIFY-FILE-ATTRIBUTES, the USER-ACCESS operand is used to define which user IDs may access the file using the access modes defined above:
USER-ACCESS=*OWNER-ONLY | Only the file owner can access the file. |
USER-ACCESS=*ALL-USERS | All user IDs may access the file with the exception of user IDs which possess the privilege HARDWARE-MAINTENANCE but not the STD-PROCESSING privilege (see note). |
USER-ACCESS=*SPECIAL | All user IDs may access the file. |
Note on user IDs with the HARDWARE-MAINTENANCE privilege
By default, these user IDs do not belong to the set of users designated by *ALL-USERS.
User IDs with the HARDWARE-MAINTENANCE privilege are used by the manufacturer for hardware maintenance purposes whereas all other user IDs are intended for the customer.