Example 3: Enforcing file protection using four-character passwords


The users of the user IDs EXAMPLE and EXAMP1 are to be forced, for reasons of data security, to protect their files using four-byte passwords. This can be achieved by defining suitable restrictions in a group syntax file which will be assigned to these user IDs.

The definitions of the commands CREATE-FILE, CREATE-FILE-GROUP, MODIFY-FILE-ATTRIBUTES and MODIFY-FILE-GROUP-ATTRIBUTES are to be modified accordingly in the group syntax file. The definitions of the old commands CATALOG and FILE cannot be modified in this way. These commands must therefore be disabled. Since they can be called with the CMD macro, a general disabling would have unforeseeable consequences. In addition, they should continue to be available for batch mode. For this reason, the commands are merely disabled for interactive mode.

/set-logon-parameters sdfusr,... ——————————————————————————  (1)
 .
 .
/start-sdf-a ——————————————————————————————————————————————  (2)
%  BLS0517 MODULE 'SDAMAIN' LOADED
%  SDA0001 'SDF-A' VERSION '04.1E10' STARTED
//open-syntax-file sys.sdf.group.syntax.example,group,*crea   (3)
//edit *command(catalog) ——————————————————————————————————  (4)
//modify-cmd dial-allow=*n,dial-proc-allow=*n —————————————  (5)
//edit *command(file) —————————————————————————————————————  (6)
//modify-cmd dial-allow=*n,dial-proc-allow=*n

  1. A task is initiated under the user ID SDFUSR.

  2. SDF-A is loaded and started.

  3. The group syntax file SYS.SDF.GROUP.SYNTAX.EXAMPLE is opened as a new file to be created. By default, the activated system syntax file is assigned as a reference file for the processing that follows. If no reference file were assigned, the processing that follows would have to be performed somewhat differently.

  4. The file is positioned to the CATALOG command, i.e. this command becomes the current object.

  5. The command that is the current object (CATALOG) is disabled for interactive mode. It is also made invalid within procedures executing in interactive mode.

  6. The FILE command becomes the current object and is then disabled for interactive operation.

    //show *oper(prot,orig=*com(create-file)),siz=*max —————————————  (7)
    PROTECTION = *STD

         *STD or *PARAMETERS()
         Specifies the protection attributes of the file
         STRUCTURE: *PARAMETERS
              PROTECTION-ATTR = *BY-DEF-PROT-OR-STD
                .
                .
                .
              WRITE-PASSWORD =
                  *BY-PROT-ATTR-OR-NONE or *NONE or c-string_1..4 or
                  x-string_1..8 or integer_-2147483648..2147483647 or
                  *SECRET -default-: *BY-PROT-ATTR-OR-NONE
                  Specifies the password for protection against unauthorized
                   write access
              READ-PASSWORD =
                  *BY-PROT-ATTR-OR-NONE or *NONE or c-string_1..4 or
                  x-string_1..8 or integer_-2147483648..2147483647 or
                  *SECRET -default-: *BY-PROT-ATTR-OR-NONE
                  Specifies the password for protection against unauthorized
                   read access
              EXEC-PASSWORD =
                  *BY-PROT-ATTR-OR-NONE or *NONE or c-string_1..4 or
                  x-string_1..8 or integer_-2147483648..2147483647 or
                  *SECRET -default-: *BY-PROT-ATTR-OR-NONE
                  Specifies the password for protection against unauthorized
                   execution
              DESTROY-BY-DELETE = *BY-PROTECTION-ATTR
                  *BY-PROTECTION-ATTR or *NO or *YES
                .
                .
                .
    //edit *oper(prot,orig=*com(create-file)) ——————————————————————  (8)
    //modify-oper default='PARAMETERS' —————————————————————————————  (9)

  7. The PROTECTION operand of the CREATE-FILE command is displayed in its most detailed form.

  8. The file is positioned to the PROTECTION operand of the CREATE-FILE command, i.e. this operand becomes the current object in the open group syntax file SYS.SDF.GROUP.SYNTAX.EXAMPLE.

  9. The operand that is the current object is to have PARAMETERS as its default value. STD is no longer the default value for the PROTECTION operand. Then the first operand value defined for PROTECTION becomes the current object. This is the input alternative STD.

    //remove *value—————————————————————————————————— (10)
    //edit *oper(write-pass)————————————————————————— (11)
    //modify-oper default=*n,struct-impl=*y—————————— (12)
    //remove *value—————————————————————————————————— (13)
    //edit *value(write-pass,*c-string)—————————————— (14)
    //modify-value *c-string(short-l=4,long-l=4) ———— (15)


  10. The definition of the operand value that is the current object (*STD) is deleted.
  11. The file is positioned to the WRITE-PASSWORD operand of the CREATE-FILE command, i.e. this operand becomes the current object in the open group syntax file (SYS.SDF.GROUP.SYNTAX.EXAMPLE). Of course, the WRITE-PASSWORD operand is situated within a structure. Since the operand’s name is unique within the entire command, neither the name of its parent operand (PROTECTION) nor PARAMETERS (which introduces the structure) need be given. The explicit specification of CREATE-FILE is not necessary, since SDF-A assumes the CREATE-FILE command by default on the basis of the preceding statements.

  12. The operand that is the current object is to have no default value. The previous default value *BY-PROT-ATTR-OR-NONE (corresponding to *NONE when no other default protection is defined with SECOS) is now no longer the default value of the WRITE-PASSWORD operand. If the WRITE-PASSWORD operand is now specified on input, the structure PARAMETERS will be implicitly selected. Next, the first operand value defined for WRITE-PASSWORD becomes the current object. This is the input alternative of the type NONE.

  13. The definition of the operand value that is the current object (*BY-PROT-ATTR-OR-NONE) is deleted.

  14. The file is positioned to the input alternative of the type C-STRING for the WRITE-PASSWORD operand in the CREATE-FILE command, i.e. this operand value becomes the current object in the group syntax file being processed, i.e. SYS.SDF.GROUP.SYNTAX.EXAMPLE. Of course, the WRITE-PASSWORD operand is situated within a structure. Since the operand’s name is unique within the entire command, neither the name of its parent operand (PROTECTION) nor PARAMETERS (which introduces the structure) need be given. The explicit specification of CREATE-FILE is not necessary, since SDF-A assumes the CREATE-FILE command by default on the basis of the preceding statements.

  15. The operand value that is the current object is defined to be of the type C-STRING and to have both a minimum and a maximum length of four bytes. Following this, the next operand value defined for WRITE-PASSWORD becomes the current object. This is the input alternative of the type X-STRING.

    //modify-value *x-string(short-l=8,long-l=8) —————— (16)
    //remove *value ——————————————————————————————————— (17)
    //edit *oper(read-pass) ——————————————————————————— (18)
    //modify-oper default=*n,struct-impl=*y
    //remove *value
    //edit *value(read-pass,*c-string)
    //modify-value *c-string(4,4)
    //modify-value *x-string(8,8)
    //remove *value
    //edit *oper(exec-pass) ——————————————————————————— (19)
    //modify-oper default=*n,struct-impl=*y
    //remove *value
    //edit *value(exec-pass,*c-string)
    //modify-value *c-string(4,4)
    //modify-value *x-string(8,8)
    //remove *value

  16. The operand value that is the current object is defined to be of the type X-STRING and to have both a minimum and a maximum length of four bytes (eight characters in x-string format). Following this, the next operand value defined for WRITE-PASSWORD becomes the current object. This is the input alternative of the type INTEGER.

  17. The definition of the operand value that is the current object (INTEGER) is deleted.

  18. The READ-PASSWORD operand and its values are modified in exactly the same manner as was the WRITE-PASSWORD operand earlier on (see steps 12-17).

  19. The EXEC-PASSWORD operand and its values are modified in exactly the same manner as was the WRITE-PASSWORD operand earlier on (see steps 12-17).

    //show *oper(prot,orig=*com(create-file)),siz=*max ————————————————— (20)
    PROTECTION = *STD

         *STD or *PARAMETERS()
         Specifies the protection attributes of the file
         STRUCTURE: *PARAMETERS
              PROTECTION-ATTR = *BY-DEF-PROT-OR-STD
                .
                .
                .
              WRITE-PASSWORD =
                  *NONE or c-string_4..4 or x-string_7..8 or *SECRET
                  Specifies the password for protection against unauthorized
                   write access
              READ-PASSWORD =
                  *NONE or c-string_4..4 or x-string_7..8 or *SECRET
                  Specifies the password for protection against unauthorized
                   read access
              EXEC-PASSWORD =
                  *NONE or c-string_4..4 or x-string_7..8 or *SECRET
                  Specifies the password for protection against unauthorized
                   execution
              DESTROY-BY-DELETE = *BY-PROTECTION-ATTR
                  *BY-PROTECTION-ATTR or *NO or *YES
                .
                .
                .
     .
     . ————————————————————————————————————————————————————————————————— (21)
     .
    //end
    /mod-file-attr sys.sdf.group.syntax.example,access=*read,user-acc=*all (22)
    /exit-job
     .
     .

  20. The PROTECTION operand of the CREATE-FILE command is displayed in its most detailed form.

  21. The definitions of the commands CREATE-FILE-GROUP, MODIFY-FILE-ATTRIBUTES and MODIFY-FILE-GROUP-ATTRIBUTES are modified in exactly the same manner as for the definition of the CREATE-FILE command earlier on.

  22. The file SYS.SDF.GROUP.SYNTAX.EXAMPLE is declared as shareable. It may only be accessed for reading.

    /set-logon-parameters tsos,... —————————————————————————————————————— (23)
    /copy-file from-file=$sdfusr.sys.sdf.group.syntax.example,to-file=-
    /sys.sdf.group.syntax.example,prot=*same ———————————————————————————— (24)
    /modify-user example,profile-id=user1 ——————————————————————————————— (25)
    /modify-sdf-param
    scope=*temporary,syntax-file=*group/(sys.sdf.group.syntax.example,user1)   (26)
    /modify-user examp1,profile-id=user1 ———————————————————————————————— (27)
    /exit-job
     .
     .

  23. A task is initiated under the privileged user ID TSOS.
  24. The group syntax file $SDFUSR.SYS.SDF.GROUP.SYNTAX.EXAMPLE generated under the user ID SDFUSR is copied. The name of the copy is $TSOS.SYS.SDF.GROUP.SYNTAX.EXAMPLE. It has the same protection attributes as the original file.

  25. Profile ID USER1 is assigned to user ID EXAMPLE.
  26. Group syntax file SYS.SDF.GROUP.SYNTAX.EXAMPLE is assigned to profile ID USER1.

  27. Profile ID USER1 is assigned to user ID EXAMP1.

    /set-logon-parameters example ————————————————————————————— (28)
    /show-sdf-options ————————————————————————————————————————— (29)
    %SYNTAX FILES CURRENTLY ACTIVATED :

    %  SYSTEM    : :2OSH:$TSOS.SYSSDF.SDF.045
    %              VERSION : SESD04.5A300
    %  SUBSYSTEM : :2OSH:$TSOS.SYSSDF.ACO.022
    %              VERSION : SESD02.2A00
    %  SUBSYSTEM : :2OSH:$TSOS.SYSSDF.ACS.140
    %              VERSION : SESD14.0B100
     .
     .
    %  SUBSYSTEM : :2OSH:$TSOS.SYSSDF.SDF-A.041
    %              VERSION : SESD04.1E10
    %  SUBSYSTEM : :2OSH:$TSOS.SYSSDF.TASKDATE.140
    %              VERSION : SESD14.0A100
    %  GROUP     : 2OSH:$.SYS.SDF.GROUP.SYNTAX.EXAMPLE
    %              VERSION : UNDEFINED
    %  USER      : *NONE
    %CURRENT SDF OPTIONS :

    %  GUIDANCE           : *EXPERT
    %  LOGGING            : *INPUT-FORM
    %  CONTINUATION       : *NEW-MODE
    %  UTILITY-INTERFACE  : *NEW-MODE
    %  PROCEDURE-DIALOGUE : *NO
    %  MENU-LOGGING       : *NO
    %  MODE               : *EXECUTION
    %     CHECK-PRIVILEGES   : *YES
    %  DEFAULT-PROGRAM-NAME : *NONE
    %  FUNCTION-KEYS      : *STYLE-GUIDE-MODE
    %  INPUT-HISTORY      : *ON
    %     NUMBER-OF-INPUTS   : 20
    %     PASSWORD-PROTECTION: *YES
    /catalog demo ————————————————————————————————————————————— (30)
    %  CMD0087 OPERATION NAME 'CATALOG' IS NOT PERMITTED AT THE MOMENT
    /file demo ———————————————————————————————————————————————— (31)
    %  CMD0087 OPERATION NAME 'FILE' IS NOT PERMITTED AT THE MOMENT

  28. A task is initiated under the user ID EXAMPLE.
  29. The activated syntax files are listed. The group syntax file $.SYS.SDF.GROUP.SYNTAX.EXAMPLE has been activated.

  30. SDF does not accept the CATALOG command. Since it has been disabled for interactive mode, it is treated as unknown.

  31. SDF does not accept the FILE command. Since it has been disabled for interactive mode, it is treated as unknown.

    /create-file demo,wr-pass=2,ex-pass='3' ——————————————————————— (32)
    %  CMD0051 INVALID OPERAND 'PROTECTION=PARAMETERS:WRITE-PASSWORD'
    %  CMD0064 OPERAND VALUE 'P' DOES NOT MATCH DATA TYPE 'C-STRING_4..4 OR
     X-STRING_7..8 OR SECRET'
    %  CMD0051 INVALID OPERAND 'PROTECTION=PARAMETERS:READ-PASSWORD'
    %  CMD0099 MANDATORY OPERAND MISSING OR INVALID
    %  CMD0051 INVALID OPERAND 'PROTECTION=PARAMETERS:EXEC-PASSWORD'
    %  CMD0062 LENGTH OF VALUE ''P'' NOT IN PERMISSIBLE RANGE FOR DATA TYPE
     'C-STRING_4..4'
    /create-file demo,read-pass='1234',wr-pass='2345',ex-pass='3456' (33)
    /show-file-attr demo,inf=*par(security=*yes) ——————————————————— (34)
    %0000000003 :2OSG:$EXAMPLE.DEMO

    %  ---------------------- SECURITY     -----------------------------
    %  READ-PASS  = YES         WRITE-PASS = YES         EXEC-PASS  = YES
    %  USER-ACC   = OWNER-ONLY  ACCESS     = WRITE       ACL        = NO
    %  AUDIT      = NONE        FREE-DEL-D = *NONE       EXPIR-DATE = NONE
    %  DESTROY    = NO         FREE-DEL-T = *NONE       EXPIR-TIME = NONE
    %  SP-REL-LOCK= NO
    %:2OSG: PUBLIC:     1 FILE  RES=      3 FRE=       3 REL=      3 PAGES
     .
     .
    /exit-job

  32. SDF does not accept the CREATE-FILE command, because

    • the specified write password is neither equal to the keyword SECRET nor of the type C-STRING or X-STRING, and

    • no read password has been specified, and

    • the specified execute password of type C-STRING is only 1 byte long.

  33. SDF accepts the CREATE-FILE command, because passwords of the type C-STRING that are four bytes long have been specified.

  34. A catalog entry has been created for the file DEMO. It is protected by passwords.
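The checks that steps 32 and 33 show SDF performing follow directly from the operand definition changed in steps 12 to 19: no default (so the operand is mandatory), c-string 4..4, x-string of 8 hexadecimal digits, or the keyword *SECRET, with the integer alternative removed. The following Python script is an added illustration, not SDF or SDF-A code and not part of the original manual page: it models a CREATE-FILE password operand as a small rule object, holds one rule for the system syntax file definition displayed in step 7 and one for the group syntax file definition produced by steps 12 to 19, and runs the two CREATE-FILE commands of steps 32 and 33 against both. The names PasswordRule, check_create_file, resolve_operand and check_password are inventions of this example, the abbreviation expansion (wr-pass to WRITE-PASSWORD) is a simplified model of SDF's name abbreviation, and the x-string length is taken as 8..8 from the MODIFY-VALUE statements rather than from the 7..8 that the SHOW output prints.

```python
"""Model of the CREATE-FILE password rules enforced by the group syntax file.

Constructed example: re-implements the operand checks a syntax-file definition
expresses (data type, length range, default) so the effect of the group syntax
file can be tested offline. Not SDF code; all names are inventions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Operands of CREATE-FILE that the group syntax file restricts (steps 11-19).
PASSWORD_OPERANDS = ("WRITE-PASSWORD", "READ-PASSWORD", "EXEC-PASSWORD")

C_STRING = re.compile(r"^'(.*)'$")                         # e.g. '1234'
X_STRING = re.compile(r"^X'([0-9A-F]*)'$", re.IGNORECASE)  # e.g. X'F1F2F3F4'
INTEGER = re.compile(r"^[+-]?\d+$")                        # e.g. 2


@dataclass(frozen=True)
class PasswordRule:
    c_string: tuple           # (short-l, long-l) in bytes
    x_string: tuple           # (short-l, long-l) in hexadecimal digits
    allow_integer: bool       # integer_-2147483648..2147483647 alternative present?
    keywords: frozenset       # keyword alternatives such as *SECRET
    default: Optional[str]    # None: no default value, operand is mandatory


# Definition displayed in step 7 (system syntax file used as reference file).
SYSTEM_RULE = PasswordRule(
    c_string=(1, 4), x_string=(1, 8), allow_integer=True,
    keywords=frozenset({"*BY-PROT-ATTR-OR-NONE", "*NONE", "*SECRET"}),
    default="*BY-PROT-ATTR-OR-NONE")

# Definition after steps 12-19. Assumption of this model: x-string lengths as
# set by MODIFY-VALUE *X-STRING(SHORT-L=8,LONG-L=8).
GROUP_RULE = PasswordRule(
    c_string=(4, 4), x_string=(8, 8), allow_integer=False,
    keywords=frozenset({"*NONE", "*SECRET"}), default=None)


def resolve_operand(abbrev: str) -> Optional[str]:
    """Expand an abbreviation such as wr-pass to WRITE-PASSWORD.

    Simplified model of SDF name abbreviation: each hyphen-separated part must
    be a prefix of the corresponding part of exactly one operand name."""
    parts = abbrev.upper().split("-")
    hits = [n for n in PASSWORD_OPERANDS
            if len(n.split("-")) == len(parts)
            and all(full.startswith(p) for full, p in zip(n.split("-"), parts))]
    return hits[0] if len(hits) == 1 else None


def split_operands(command: str) -> dict:
    """Turn "create-file demo,wr-pass=2,ex-pass='3'" into {operand: value}.

    Commas inside a quoted c-string do not separate operands."""
    text = command.strip().split(maxsplit=1)
    fields, cur, quoted = [], "", False
    for ch in (text[1] if len(text) > 1 else ""):
        if ch == "'":
            quoted = not quoted
        if ch == "," and not quoted:
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    fields.append(cur)
    operands = {}
    for field in fields[1:]:          # fields[0] is the positional file name
        name, _, value = field.partition("=")
        operands[resolve_operand(name) or name.upper()] = value
    return operands


def check_password(value: str, rule: PasswordRule) -> Optional[str]:
    """None if the value fits the rule, otherwise the reason for rejection."""
    if value.upper() in rule.keywords:
        return None
    lo, hi = rule.c_string
    m = C_STRING.match(value)
    if m:
        n = len(m.group(1))
        return None if lo <= n <= hi else (
            f"length of value {value} not in permissible range for c-string_{lo}..{hi}")
    m = X_STRING.match(value)
    if m:
        xlo, xhi = rule.x_string
        n = len(m.group(1))
        return None if xlo <= n <= xhi else (
            f"length of value {value} not in permissible range for x-string_{xlo}..{xhi}")
    if INTEGER.match(value) and rule.allow_integer and -2**31 <= int(value) < 2**31:
        return None
    return f"operand value {value} does not match data type c-string_{lo}..{hi} or x-string or *SECRET"


def check_create_file(command: str, rule: PasswordRule) -> dict:
    """Return {operand: reason} for every password operand that is rejected."""
    operands = split_operands(command)
    errors = {}
    for name in PASSWORD_OPERANDS:
        if name not in operands:
            if rule.default is None:            # no default: mandatory operand
                errors[name] = "mandatory operand missing"
            continue
        reason = check_password(operands[name], rule)
        if reason:
            errors[name] = reason
    return errors


if __name__ == "__main__":
    # The two commands of steps 32 and 33, checked against both definitions.
    for cmd in ("create-file demo,wr-pass=2,ex-pass='3'",
                "create-file demo,read-pass='1234',wr-pass='2345',ex-pass='3456'"):
        for label, rule in (("system", SYSTEM_RULE), ("group", GROUP_RULE)):
            print(f"{label:6} {cmd} -> {check_create_file(cmd, rule) or 'accepted'}")
```

Run stand-alone, the script shows the command of step 32 accepted under the system syntax file definition (integer password, one-byte c-string and a defaulted read password are all legal there) and rejected on all three password operands under the group syntax file definition, while the command of step 33 passes both; that difference is exactly what assigning the group syntax file to profile ID USER1 buys for the user IDs EXAMPLE and EXAMP1.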