The access protection mechanism BACL is an integral component of BS2000. ARCHIVE saves the BACL attributes together with every file.

The SECOS functional unit GUARDS can be used as a data access protection mechanism for files, libraries and library elements, job variables and FITC ports.

GUARDS represents an independent object management (analogous to DMS or LMS) which handles its objects, the GUARDs. These GUARDs store conditions (but not access rights) that are evaluated on a request from another object management (DMS, LMS,
FITC).

The GUARDs are managed by GUARDS. Only the name of the GUARD to be used for protection is stored as a reference under the relevant object management. The object management in question is responsible for assigning the result of the conditions evaluated by GUARDS to an access right.

The file catalog entry merely contains the name of the GUARD for the corresponding access right; the conditions (or contents) remain under GUARDS management. This is why only the references can be entered during restoration. The GUARD contained in the catalog entry is unaffected by restoration.

ARCHIVE behaves in the following ways, depending whether or not a file exists for restoration:

• If the file exists, the current protection attributes are retained; only the file contents are exchanged.

• If the file does not exist, the file is restored with the protection attributes valid at the time of saving.

After each restoration, a check must be made to determine whether the GUARDs designated for protection still contain the desired conditions or whether they have been changed by the GUARD owner since the file was saved.

For details on GUARDS see the “SECOS” manual [14].