Co-owner protection is defined in the form of rules which are stored in rule containers (guards of type COOWNERP) which apply across sessions.
Rule containers are only used for co-owner protection if they comply with the naming convention (see section "Activating a rule container"). They are then referred to as active rule containers.
To prevent undesired co-owner accesses occurring while the rules are still being created, it is advisable to use an inactive rule container to prepare the rules. When all the rules and condition guards are completed, you can activate these rule containers by renaming them:
/MODIFY-GUARD-ATTRIBUTES ...,NEW-NAME=SYS.UCF
The definition of co-owner protection rules involves two steps:
Creation of rule containers (guards, "Guards administration")
Entry of the co-owner protection rules in the rule containers (guards)
Entering co-owner protection rules
The following commands are available for the creation and administration of rule containers. These commands are not RFA-compatible:
ADD-COOWNER-PROTECTION-RULE | Add co-owner protection rule |
MODIFY-COOWNER-PROTECTION-RULE | Modify co-owner protection rule |
REMOVE-COOWNER-PROTECTION-RULE | Remove co-owner protection rule |
SHOW-COOWNER-PROTECTION-RULE | Display co-owner protection rule |
SHOW-COOWNER-ADMISSION-RULE | Display co-owner authorization rule |
In addition, the general GUARDS administration commands are also available for the administration of the rule containers (see "Guards administration").
Structure of co-owner protection rules
Every rule is addressed by its name and is subdivided into two parts:
1st rule part:
This part contains the name of an object for which co-ownership is to be defined. The name can be partially qualified or specified using wildcards. However, it does not contain any specification of the pubset ID or user ID.
2nd rule part:
This part contains the reference to a guard of the type STDAC, which contains the conditions that a user must meet in order to be a co-owner of the object specified in the first part of the rule.
3nd rule part:
This part specifies the restriction of the co-ownership of the user ID TSOS.
You will find more information on this in section "Restriction of TSOS co-ownership".
The order in which the rules are arranged in the rule container plays a decisive role in the selection of a valid rule (i.e. in the identification and verification of a co-owner). The search for a suitable rule proceeds in the order in which the rules occur in the rule container and is terminated with the first hit (you will find more information on this in section "Overlapping object names").