In co-owner protection rules the object names are specified without a path (i.e. without a pubset ID and user ID). When co-ownership is checked, the active user-specific rule container is used that is on the same pubset and under the same user ID as the file/library or job variable to be co-administered.

The guards with the co-owner conditions must be created on the same pubset as the rule container used for evaluation.