The ADD-USER, MODIFY-USER-ATTRIBUTES, LOCK-USER, REMOVE-USER and UNLOCK-USER commands can be used by systems support to define which users may access a pubset and whether the access right has been revoked for a user. Since each pubset has its own user and file catalogs, systems support can group the user IDs on the pubsets according to the functions the users exercise. The following applies here:

• Entries for all users must be stored in the home pubset user catalog because the access checks with the SET-LOGON-PARAMETERS command are made in the user catalog of the home pubset.

• It is recommended that users be entered in the user catalog of the home pubset with PUBLIC-SPACE-LIMIT=0, FILE-NUMBER-LIMIT=0 and JV-NUMBER-LIMIT=0. The users can access files of this pubset without hindrance, but may not create any files or use any job variables.

  A user entry with PUBLIC-SPACE-LIMIT=0 has no effect on creating job variables (these occupy no storage space) or access to files of other user IDs (this is subject to the normal checks: shareability, passwords, read or write access, etc.). The creation of job variables and file entries on this pubset is prevented by JV-NUMBER-LIMIT=0 and FILE-NUMBER-LIMIT=0.

• When a user has no entry in the user catalog of the pubset concerned, he/she cannot access this pubset, not can he/she access shareable files or job variables held by other users on this pubset. This is recommendable, for example, when the pubset is required for production and user IDs are employed solely for test and training purposes.

• Access protection is rendered ineffective if the system parameter FSHARING was assigned the value 1 during system generation. All users can then access all pubsets and do not even require an entry in the user catalog concerned.