Access control by means of the protection attributes ACCESS and USER-ACCESS represents the lowest level in the hierarchy of protection mechanisms. They only apply to an object if the object is not protected by a BACL or a guard.
However, password protection and the retention period continue to be effective.
Protection attribute ACCESS
The protection attribute ACCESS can be used to define write or read rights or an object. If write access is permitted then so too is read access.
Protection attribute USER-ACCESS
You use the protection attribute USER-ACCESS to specify whether only the owner (*USER-ONLY) or all users of the system (*ALL-USERS) are permitted to access a file.
If the file is protected by a guard then the guard must contain access conditions which allow access to this privileged user ID.
If the file is not protected by a guard but by a Basic Access Control List (BACL), then the BACL must allow access to this privileged user ID.
If the file is not protected by a guard or by a BACL then USER-ACCESS=*SPECIAL must be set.
Example
/modify-file-attributes file-name=test,protection=*par( -
/ access=*read,user-access=*all-users)
/show-file-attributes file-name=test,information=*par(security=*yes)
00000003 :2OSG:$QM212.TEST ------------------------------- SECURITY ------------------------------- READ-PASS = NONE WRITE-PASS = NONE EXEC-PASS = NONE USER-ACC = ALL-USERS ACCESS = READ ACL = NO AUDIT = NONE FREE-DEL-D = *NONE EXPIR-DATE = 2004-10-08 DESTROY = NO FREE-DEL-T = *NONE EXPIR-TIME = 00:00:00 SP-REL-LOCK= NO :2OSG: PUBLIC: 1 FILE RES= 3 FREE= 2 REL= 0 PAGES
For further information on this type of file protection, refer to the “Introductory Guide to DMS” [6].