Specifying values for the protection attributes of job variables should correspond to commonly prescribed patterns. With the “default protection” SECOS function the user can define his own default values that can then be used instead of the default system values. These default values can be specified for a certain user or globally for all pubsets. They are stored in attribute guards (guards used to specify default values for protection attributes).
Default protection values can be set via the ADD-/MODIFY-DEFAULT-PROTECTION-ATTR command for the following protection attributes of job variables:
Protection attribute | Meaning |
ACCESS | Default access control (type of access) |
USER-ACCESS | Default access control (access for external users) |
BASIC-ACL | Basic access control |
GUARDS | Access control via guards |
READ-PASS-WORD | Read password |
WRITE-PASSWORD | Write password |
Table 9: Protection attributes of job variables
Each attribute guard is linked to a rule container that contains the rules that determine to which job variable names these rules apply. See also the SECOS command ADD-/MODIFY-DEFAULT- PROTECTION-RULE in the “SECOS” [10] manual. Default protection is activated by creating a rule container.
Commands and macros to use default protection for job variables
Default protection values for protection attributes are implemented with the command CREATE-JV PROTECTION=*STD (see the “Commands” manual [1]) or the macro CATJV ..., PROTECT= DEFAULT (see "CATJV Catalog job variable "). The *STD or DEFAULT specifications are the default settings.
If default protection is not activated or /CREATE-JV PROTECTION-ATTR=*STD or CATJV...,PROTECT=STD is specified, then the default system values apply when a job variable is created (first protection attribute entry). You cannot use the default protection values for existing job variables. The retention period (EXPIRATION-DATE) cannot be affected by the first entry with default protection. It is implicitly set to *TODAY by default.
The default protection cannot be applied to temporary job variables.
The following are the effects of the PROTECTION-ATTR operand (CREATE-JV command) or PROTECT operand (CATJV macro) on the default values of protection attributes for job variables:
PROTECTION-ATTR=*STD
The default system values are used for the default system values of individual protection attributes (see table 10) if not explicitly specified otherwise.PROTECTION-ATTR=*BY-DEF-PROT-OR-STD
Default protection is active: Use the default protection values (from the attribute guard)
Default protection is not active: Use the default system values (see table 10)
Protection attribute
Default system value
ACCESS
WRITE
USER-ACCESS
OWNER-ONLY
BASIC-ACL
NONE
GUARDS
NONE
READ-PASSWORD
NONE
WRITE-PASSWORD
NONE
Table 10: Default system values for job variable protection attributes
Example
/add-default-protection-attr guard-name=defprot,user-access=*all-users (1)/show-default-protection-attr d*——————————————————————————————————————— ( 2 )%----------------------------------------------------------------------------%GUARD :2OSG:$USER1.DEFPROT DEFAULT PROTECTIONATTRIBUTES%---------------------------------------------------------------------------%% SCOPE: CREATE-OBJECT % SCOPE: MODIFY-OBJECT-ATTR% % --------------------------- % -------------------------%ACCESS % *SYSTEM-STD % *SYSTEM-STD%USER-ACCESS % *ALL-USERS % *ALL-USERS%BASIC-ACL % *SYSTEM-STD % *SYSTEM-STD%GUARDS % *SYSTEM-STD % *SYSTEM-STD%READ-PASSWORD % *SYSTEM-STD % *SYSTEM-STD%WRITE-PASSWORD % *SYSTEM-STD % *SYSTEM-STD%EXEC-PASSWORD % *SYSTEM-STD % *SYSTEM-STD%DESTROY-BY-DELETE % *SYSTEM-STD % *SYSTEM-STD%SPACE-RELEASE-LOCK % *SYSTEM-STD % *SYSTEM-STD%EXPIRATION-DATE % *SYSTEM-STD % *SYSTEM-STD%FREE-FOR-DELETION % *SYSTEM-STD % *SYSTEM-STD%----------------------------------------------------------------------------%GUARDS SELECTED: 1 END OF DISPLAY/add-default-protection-rule rule-cont-guard=sys.udj,prot-rule=1stcharequj,protect-obj=*par(name=j*,attrib-guard=defprot) ———————————————————— (3)/show-default-protection-rule —————————————————————————————————————————— (4)%----------------------------------------------------------------------------%RULE CONTAINER :2OSG:$USER1.SYS.UDJ USR ACTIVE DEFAULTPROTECTION%----------------------------------------------------------------------------%1STCHAREQUJ OBJECT = J*% ATTRIBUTES = $USER1.DEFPROT% USER-IDS = *ANY-USER-ID%----------------------------------------------------------------------------%RULE CONTAINER SELECTED: 1 END OF DISPLAY/create-jv jvdefprot ——————————————————————————————————————————————————— (5)/show-jv-attributes nodefprotjv,inf=*all ——————————————————————————————— (6)%0000000 :2OSG:$USER1.JV.DEFPROT% USER-ACC = ALL-USERS ACCESS = WRITE% CRE-DATE = 2010-08-13 EXPIR-DATE = 2010-08-13% CRE-TIME = 14:38:42 EXPIR-TIME = 00:00:00% READ-PASS = NONE% WRITE-PASS = NONE%SUM 00001 JV'S; JV-VALUE = 00000000 BYTES/create-jv nodefprotjv ————————————————————————————————————————————————— (7)/show-jv-attributes nodefprotjv,inf=*all ——————————————————————————————— (8)%0000000 :2OSG:$USER1.NO.JVDEFPROT% USER-ACC = OWNER-ONLY ACCESS = WRITE% CRE-DATE = 2010-08-13 EXPIR-DATE = 2010-08-13% CRE-TIME = 14:41:00 EXPIR-TIME = 00:00:00% READ-PASS = NONE% WRITE-PASS = NONE%SUM 00001 JV'S; JV-VALUE = 00000000 BYTES/create-jv jvstd,protection-attr=*std —————————————————————————————————— (9)/show-jv-attributes jvstd,inf=*all ———————————————————————————————————— (10)%0000000 :2OSG:$USER1.JV.STD-PROT% USER-ACC = OWNER-ONLY ACCESS = WRITE% CRE-DATE = 2010-08-13 EXPIR-DATE = 2010-08-13% CRE-TIME = 14:42:04 EXPIR-TIME = 00:00:00% READ-PASS = NONE% WRITE-PASS = NONE%SUM 00001 JV'S; JV-VALUE = 00000000 BYTES(1)
The attribute guard “DEFPROT” is created and the default value for the ACCESS protection attribute is also specified.
(2)
The default values for the protection attributes are displayed. The values that apply when a job variable is created are displayed in the “SCOPE: CREATE OBJECT” column. USER-ACCESS “*ALL-USERS” is entered for the protection attribute as a user specific value. The default system values apply to all other protection attributes (the “SCOPE: MODIFY-OBJECT-ATTR” column does not apply to job variables, it only applies to files).
(3)
The default protection rule “1STCHAREQUJ” is added to the rule container “SYS.UDJ” (J stands for job variable). You specify via
"PROTECT-OBJ=*PAR(NAME=j*,ATTRIB-GUARD=DEFPROT"that this rule applies to all job variables whose name begins with J and that the job variables for which this rule applies are to obtain their default values from the “DEFPROT” attribute guard.(4)
The properties of the rule container and the rules it contains are displayed.
(5)
The job variable “JV.DEFPROT” is created. Its name abides by the rule “1STCHAREQUJ” and therefore the default values are taken from the “DEFPROT” attribute guard.
(6)
You can see that the values came from the “DEFPROT” attribute guard in the USER-ACCESS attribute: The value “ALL-USERS” is not a default system value.
(7)
The job variable “NO.DEFPROT” is created. Its name does not abide by the rule “1STCHAREQUJ” and therefore the default system values are used as the default values.
(8)
You can see that the default values are default system values in the USER-ACCESS attribute: The value “OWNER-ONLY” is a default system value.
(9)
The job variable “JV.STD-PROT” is created. Its name abides by the rule “1STCHAREQUJ”, but the use of the default system values is forces by specifying
"PROTECTION-ATTR=*STD".(10)
You can see that the default values are default system values in the USER-ACCESS attribute: The value “OWNER-ONLY” is a default system value.
Default protection and monitor job variables
The default protection also applies to monitor job variables. If a protection attribute is set by the default protection that prevents further access (e.g. using system commands), then the default protection setting must be changed by the user. For example, in the MONJV handler a new monitor job variable to be created is only set to USER-ACCESS=*ALL-USERS when default protection does not explicitly set USER-ACCESS=*OWNER-ONLY.