Default protection makes it possible to predefine pubset-global and user-specific default values for protection attributes which differ from the conventional system default values. Pubset-global default settings can only be made by the system administrator. Users can define user-specific default values for the objects under their user ID. The objects for which you can define default values are files and job variables.
Newly defined default values are linked to the names of the objects to which they are to apply in the form of rules. You can define a set of objects for this purpose by using wildcards.
The rules are stored in rule containers (guards of the type DEFAULTP) and apply across all sessions. As a user, you can create an unlimited number of rule containers under your user ID. If the name of a rule container complies with a specific naming convention (e.g.
SYS.UDF), this container is active and is used when default settings have to be obtained (e.g. when the command /CREATE-FILE FILE-NAME=FILE is executed). For more information, refer to section "Activating a rule container".
Default assignment hierarchy
Users can assign multiple or all protection attributes explicitly at any time.
Example
/CREATE-FILE FILE-NAME=TEST, USER-ACCESS=*ALL-USERS
If default settings have to be used because not all protection attributes have been specified explicitly, the defaults are taken from an active user-specific rule container (e.g.
SYS.UDF). If some protection attributes remain unassigned after this, an active pubset-global rule container (e.g. SYS.PDF) is used. If there are protection attributes for which default values are not found on this hierarchy level either, the system defaults apply.
Protection attributes
The table below indicates the attributes which can be preset via default protection. The “Attribute scope ...” columns specify when these attributes become effective. The entries have the following meanings:
*CREATE-OBJECT: The attribute record is assigned to a file or job variable by default when it is created (by means of the /CREATE-FILE, /CREATE-FILE-GROUP or /CREATE-JV command).
*MODIFY-OBJECT-ATTR: This attribute record can be assigned to a file that has already been created. In order to do this, you call the /MODIFY-FILE-ATTRIBUTES or /MODIFY-FILE-GROUP-ATTRIBUTES command and specify PROTECTION-ATTR=*BY-DEF-PROT-OR-STD).
Protection attribute | DMS objects (files) | JV objects | |
Attribute scope | Attribute scope | Attribute scope | |
ACCESS | + | + | + |
USER-ACCESS | + | + | + |
BASIC-ACL | + | + | + |
GUARDS | + | + | + |
WRITE-PASSWORD | + | + | + |
READ-PASSWORD | + | + | + |
EXEC-PASSWORD | + | + | - |
DESTROY-BY-DELETE | + | + | - |
SPACE-RELEASE-LOCK | + | + | - |
EXPIRATION-DATE | - | + | - |
FREE-FOR-DELETION | - | + | - |
Meanings of symbols: | |||
Temporary files and job variables
In the case of temporary files, only the two file attributes DESTROY-BY-DELETE and SPACE-RELEASE-LOCK are used for default protection. All other presettings are ignored by DMS.
In the case of temporary job variables, all presettings are ignored by JVS.