Users with the user ID EXAMPLE are to be permitted to load and start only those programs that are cataloged under the user ID SDFUSR. All of these programs, without exception, reside in files and not in libraries.

The desired restriction may be implemented via the group syntax file
$TSOS.SYS.SDF.GROUP.SYNTAX.EXAMPLE. It is to receive the version EXAMPLE#5. In this file, the definitions of the commands START-PROGRAM and LOAD-PROGRAM are to be suitably modified. Since users with the user ID EXAMPLE do not test programs, the operand TEST.OPTIONS is to be disabled when the two command definitions are modified.

Note

In BLSSERV V2.3 and higher the functionality of START-PROGRAM and LOAD-PROGRAM are also offered with improved syntax via the new commands START- and LOAD-EXECUTABLE-PROGRAM. In this case the two new commands must also be locked or their syntax definitions are to be modified in the same manner as for START-PROGRAM and LOAD-PROGRAM.

The definitions of the old commands EXECUTE and LOAD cannot be modified as desired. If EXECUTE and LOAD were to be disabled only for interactive and batch mode but not for calls using the CMD macro, such disabling could easily be bypassed. Consequently, the commands are to be generally disabled.

User guidance is preset throughout the system to GUIDANCE=*EXPERT. For the user ID EXAMPLE, user guidance is to be preset to GUIDANCE=*NO.

The program EDT is available under the user ID SDFUSR.

1. A task is initiated under the user ID SDFUSR.

2. SDF-A is loaded and started.

3. The group syntax file SYS.SDF.GROUP.SYNTAX.EXAMPLE is opened as a new file to be created. By default, the activated system syntax file is assigned as a reference file.

   
   

   
   

   //set-glob vers=example#5,guid=*n —————————————————————————————————————  (4) //remove *com((load,exec)) ————————————————————————————————————————————  (5) //show *com(start-prog),att-inf=*n,size=*max ——————————————————————————  (6) START-PROGRAM(SRPG,SR,START-PROG)    FROM :2OSH:$TSOS.SYSSDF.BLSSERV.023 (SYSTEM)      Loads a program (load or object module) to the memory and starts it //edit *com(start-prog) ———————————————————————————————————————————————  (7) //mod-cmd help=(e('Loads a $SDFUSR-program to the memory and starts it.'),- //d('Laedt ein $SDFUSR-Programm in den Speicher und startet es.')) ————  (8)  //show *oper(from-f),siz=*med,att-inf=*n ——————————————————————————————  (9)  FROM-FILE =      filename or *MODULE() or *PHASE() //show *oper(from-f),impl=*y,att-inf=*n ——————————————————————————————— (10)  ADD-OPERAND NAME=FROM-FILE,INTERNAL-NAME=FROMFI,STANDARD-NAME=         -             FROM-FILE,HELP=(D(TEXT='Name der Datei, die das Lademodul- enthaelt oder Angaben zur Bindemodul- bzw. Lademodulbibliothek'),E(    -             TEXT='name of the file containing the load module or       - specification of the object module/load module library')),             -             RESULT-OPERAND-NAME=*POSITION(POSITION=1),                 -             CONCATENATION-POS=1 //add-oper prefix,def='$sdfusr.',res-oper-n=*pos(1),conc-pos=1,pres=*int (11)

4. The group syntax file SYS.SDF.GROUP.SYNTAX.EXAMPLE receives the version EXAMPLE#5. User guidance is preset to GUIDANCE=*NO.

5. The commands LOAD and EXECUTE are disabled for all users.

6. The SDF-A statement used to define the START-PROGRAM command is displayed.

7. The file is positioned to the START-PROGRAM command, i.e. the command becomes the current object in the open group syntax file.

8. The help text for the command that is the current object is changed. Thereafter, the first operand of this command (FROM-FILE) becomes the current object.

9. The FROM-FILE operand of the command currently being edited (START-PROGRAM) is displayed at the medium level of detail.

10. The SDF-A statement used to define the FROM-FILE operand of the START-PROGRAM command is displayed.

11. The PREFIX operand is defined. SDF-A inserts its definition into the definition of the

    START-PROGRAM command after the current object (FROM-FILE). At the user interface of the START-PROGRAM command, the operand is invisible. Its default value is “$SDFUSR”. When the command is passed to the implementation the operand has the same position as the FROM-FILE operand (see step 10) and, when concatenated with the latter, comes first.

    //add-value *part-filename ———————————————————————————————————————— (12) //edit *oper(from-f) —————————————————————————————————————————————— (13) //mod-oper conc-pos=2,help=(e('specifies the name of the file holding the - //load module.'),d('Name der Datei, die das Lademodul enthaelt.')) —(14) //mod-value *filename(user-id=*n) ————————————————————————————————— (15) //remove *value ——————————————————————————————————————————————————— (16) //remove *value(from-f,phase) ————————————————————————————————————— (17) //show *oper(test-opt) ———————————————————————————————————————————— (18) TEST-OPTIONS = *NONE //edit *oper(test-opt) ———————————————————————————————————————————— (19) //mod-oper pres=*intern ——————————————————————————————————————————— (20)

12. For the PREFIX operand an operand value of type PARTIAL-FILENAME is defined.

13. The file is positioned to the FROM-FILE operand of the command currently being edited

    (START-PROGRAM), i.e. this operand becomes the current object.

14. The operand that is the current object (FROM-FILE) is to come second when concatenated with the PREFIX operand. The help texts for FROM-FILE are modified. Subsequently, the first operand value (FILENAME) of FROM-FILE becomes the current object.

15. The definition of the operand value that is the current object (FILENAME) is modified. Specification of the user ID as part of the file name is no longer permitted. After this, the operand value MODULE becomes the current object.

16. The definition of the operand value that is the current object (MODULE) is deleted. The structure attached to it is likewise deleted. Note: After this, the definition of the operand value FILENAME becomes the current object.

17. The definition of operand value PHASE belonging to the operand FROM-FILE is deleted.

18. The TEST-OPTIONS operand is displayed.

19. The file is positioned to the TEST-OPTIONS operand of the command currently being edited (START-PROGRAM), i.e. TEST-OPTIONS becomes the current object.

20. The operand that is the current object (TEST-OPTIONS) is made invisible at the user interface of the START-PROGRAM command.

    
    

    //show *com(load-prog),att-inf=*n,size=*max ——————————————————————————— (21) LOAD-PROGRAM(LDPG,LOAD-PROG)    FROM :2OSH:$TSOS.SYSSDF.BLSSERV.023 (SYSTEM)     Loads a program (load or object module) to the memory //edit *com(load-prog) //mod-cmd help=(e('Loads a $SDFUSR-program to the memory.'),- //d('Laedt ein $SDFUSR-Programm in den Speicher.')) //show *oper(from-f),siz=*med,att-inf=*n FROM-FILE =      filename or *MODULE() or *PHASE() //show *oper(from-f),impl=*y,att-inf=*n ADD-OPERAND NAME=FROM-FILE,INTERNAL-NAME=FROMFI,STANDARD-NAME=                      FROM-FILE,HELP=(D(TEXT='Name der Datei, die das Lademodul   - enthaelt oder Angaben zur Bindemodul- bzw. Lademodulbibliothek'),E(     -             TEXT='name of the file containing the load  module or       - specification of the object module/load module library')),              -             RESULT-OPERAND-NAME=*POSITION(POSITION=1),                  -             CONCATENATION-POS=1  //copy *oper(prefix,orig=*com(start-prog)) ———————————————————————————— (22)  //edit *oper(from-f) //mod-oper conc-pos=2,help=(e('specifies the name of the file holding - //the load module.'),d('Name der Datei, die in das Lademodul enthaelt.')) //mod-value *filename(user-id=*n) //remove *value //remove *value(from-f,phase) //show *oper(test-opt) TEST-OPTIONS = *NONE //edit *oper(test-opt) //mod-oper pres=*intern //end

21. The definition of the LOAD-PROGRAM command is displayed, and modified in a way analogous to the way START-PROGRAM was modified previously.

22. The PREFIX operand and its operand value are defined for the LOAD-PROGRAM command using the COPY statement instead of the ADD statement. The definitions established in steps 11 and 12 for START-PROGRAM are copied.

    /mod-f-attr sys.sdf.group.syntax.example,access=*read,user-acc=*all ——— (23) /start-prog demo —————————————————————————————————————————————————————— (24) %  BLS0517 MODULE 'SDAMAIN' LOADED %  SDA0001 'SDF-A' VERSION '04.1E10' STARTED //open-syntax-file ....  .  . //end /exit-job  .  . /set-logon-parameters tsos,... ———————————————————————————————————————— (25) /mod-user example,profile-id=user1 ———————————————————————————————————— (26) /mod-sdf-param scope=*permanent,syntax-file=*group($sdfusr.sys.sdf.group. /syntax.example,user1) ———————————————————————————————————————————————— (27)  % CMD0681 SYNTAX FILE '$SDFUSR.SYS.SDF.GROUP.SYNTAX.EXAMPLE' INSERTED IN PARAMETER FILE '$.SYSPAR.SDF' % CMD0718 GROUP SYNTAX FILE '$SDFUSR.SYS.SDF.GROUP.SYNTAX.EXAMPLE' HAS BEEN ASSOCIATED WITH 'PROFILE-ID USER1' IN MEMORY TABLES /exit-job  .   .

23. The file SYS.SDF.GROUP.SYNTAX.EXAMPLE is declared as shareable. Access is read-only.

24. The program DEMO cataloged under the user ID SDFUSR is loaded and started. It is the program SDF-A.

25. A task is initiated under the system administrator ID TSOS.

26. Profile ID USER1 is assigned to user ID EXAMPLE.

27. Group syntax file $SDFUSR.SYS.SDF.GROUP.SYNTAX.EXAMPLE is assigned to profile ID USER1. The assignment is permanently stored in the SDF parameter file.

    
    

    /set-logon-parameters example,... ———————————————————————————————— (28)  .  . %CMD:show-sdf-options ———————————————————————————————————————————— (29) %SYNTAX FILES CURRENTLY ACTIVATED : %  SYSTEM    : :2OSH:$TSOS.SYSSDF.SDF.045 %              VERSION : SESD04.5A300 %  SUBSYSTEM : :2OSH:$TSOS.SYSSDF.ACO.022 %              VERSION : SESD02.2A00 %  SUBSYSTEM : :2OSH:$TSOS.SYSSDF.ACS.140 %              VERSION : SESD14.0B100  .  . %  SUBSYSTEM : :2OSH:$TSOS.SYSSDF.SDF-A.041 %              VERSION : SESD04.1E10 %  SUBSYSTEM : :2OSH:$TSOS.SYSSDF.TASKDATE.140 %              VERSION : SESD14.0A100 %  GROUP     : 2OSH:$.SYS.SDF.GROUP.SYNTAX.EXAMPLE %              VERSION : EXAMPLE#5 %  USER      : *NONE %CURRENT SDF OPTIONS : %  GUIDANCE           : *NO %  LOGGING            : *INPUT-FORM %  CONTINUATION       : *NEW-MODE %  UTILITY-INTERFACE  : *NEW-MODE %  PROCEDURE-DIALOGUE : *NO %  MENU-LOGGING       : *NO %  MODE               : *EXECUTION %     CHECK-PRIVILEGES   : *YES %  DEFAULT-PROGRAM-NAME : *NONE %  FUNCTION-KEYS      : *STYLE-GUIDE-MODE %  INPUT-HISTORY      : *ON %     NUMBER-OF-INPUTS   : 20 %     PASSWORD-PROTECTION: *YES %CMD:exec sdf-a ——————————————————————————————————————————————————— (30) %  SDP0222 OPERAND ’CMD’ INVALID IN /EXEC-CMD, ERROR ’SDP0116’. IN SYSTEM MODE: /HELP-MSG SDP0116

28. A task is initiated under the user ID EXAMPLE.

29. The activated syntax files are listed. The group syntax file $SDFUSR.SYS.SDF.GROUP.SYNTAX.EXAMPLE, with the version EXAMPLE#5, is activated. User guidance is set to GUIDANCE=*NO. Consequently, SDF requests input of commands and statements by issuing “%CMD:” or “%STMT:”.

30. Since the EXEC command was removed, SDF interprets the user input as the SDF-P command EXEC-CMD and rejects it due to invalid syntax.

    
    

    %CMD:start-prog sdf-a ———————————————————————————————————————————— (31) %  BLS0514 ERROR WHEN OPENING FILE $SDFUSR.SDF-A . DMS ERROR '0D33'. IN SYSTEM MODE /HELP-MSG DMS0D33 %  NRTT101 ABNORMAL JOBSTEP TERMINATION BLS0514 %CMD:help-msg 0d33 %  DMS0D33 PROGRAM ERROR: REQUESTED FILE NOT CATALOGED %  ? The requested file has not been cataloged in the system. %    For the file or job variable (JV) no catalog entry could be found. %  ! Correct the error and try again. %CMD:start-prog $sdfusr.demo ————————————————————————————————————— (32) %  CMD0051 INVALID OPERAND 'FROM-FILE' %  CMD0072 ATTRIBUTE SPECIFIED IN FILE NAME '$SDFUSR.DEMO' NOT PERMITTED %ENTER OPERANDS: %$sdfusr.demo demo ————————————————————————————————————————————————————————————— (33) %  BLS0517 MODULE 'SDAMAIN' LOADED ——————————————————————————————— (34) %  SDA0001 'SDF-A' VERSION '04.1E10' STARTED %STMT:open-syntax-file user,,*crea ——————————————————————————————— (35)

31. SDF accepts the command name START-PROGRAM. However, it passes to the implementation the file name $SDFUSR.SDF-A, which it has formed through concatenation. This file does not exist.

32. SDF does not accept the file name $SDFUSR.DEMO, because it contains a user ID, which is not permitted.

33. SDF accepts the file name DEMO. However, SDF passes to the implementation the file name $SDFUSR.DEMO, which it has formed through concatenation.

34. The program SDF-A, found under the user ID SDFUSR in the file DEMO, is loaded and started (see step 24).

35. The user syntax file USER is created and opened. By default, the activated system syntax file and the activated group syntax file are assigned as reference files.

    %STMT:show *com(start-prog),siz=*max ————————————————————————————— (36) START-PROGRAM(SRPG,SR,START-PROG)    FROM SYS.SDF.GROUP.EXAMPLE (GROUP)      Loads a $SDFUSR-program to the memory and starts it.      FROM-FILE =           filename_1..54_without-user-id-generation           Specifies the name of the file holding the load module.      CPU-LIMIT = JOB-REST           JOB-REST or integer_1..32767           specifies the maximum CPU time in seconds the program may use for           execution      MONJV = *NONE           *NONE or filename_1..54_without-generation           specifies the name of the job variable which is to monitor the           program.      RESIDENT-PAGES = *PARAMETERS           *PARAMETERS()           specifies the number of resident memory pages required for program           execution           STRUCTURE: *PARAMETERS                MINIMUM = *STD                     *STD or integer_0..32767                     specifies the minimum number of resident memory pages                     required                MAXIMUM = *STD                     *STD or integer_0..32767                     specifies the maximum number of resident memory pages                     required      VIRTUAL-PAGES = *STD           *STD or integer_0..32767           specifies the total number of memory pages (both resident and           pageable) required for program execution %STMT:end %CMD:exit-job

36. The definition of the START-PROGRAM command is displayed in its most detailed form. The changes made can be seen. The TEST-OPTIONS operand has been made invisible.