Default protection is defined in the form of rules which are stored in rule containers (guards of type DEFAULTP) which apply across sessions.
Users can create an unlimited number of rule containers under their user IDs and each rule container can contain multiple default protection rules for the files belonging to this user ID.
Rule containers are only used for default assignment if they comply with a naming convention (see "section Activating a rule container"). They are then referred to as active rule containers.
To prevent undesirable default assignments being made at the creation stage, it is advisable to use an inactive rule container when preparing rules. When you have finished creating all the rules and attribute guards, you can activate this rule container by renaming it:
/MODIFY-GUARD-ATTRIBUTES ...,NEW-NAME=SYS.UDF
Default values for protection attributes are defined in two steps:
creation of rule containers (guards, see "Guards administration")
entry of the protection attribute default values in the rule containers (guards)
System administrators can also create rule containers that contain default protection rules for files of a pubset. Compliance with a naming convention is also required to activate these rule containers (see "Activating a rule container").
Entering default protection rules
The following commands are available for the creation and administration of default protection rules. These commands are not RFA-compatible:
ADD-DEFAULT-PROTECTION-RULE | Add default protection rule |
MODIFY-DEFAULT-PROTECTION-RULE | Modify default protection rule |
REMOVE-DEFAULT-PROTECTION-RULE | Remove default protection rule |
SHOW-DEFAULT-PROTECTION-RULE | Display default protection rule |
SHOW-OBJECT-PROTECTION-DEFAULT | Display default protection attributes for an object |
You can also use the general GUARDS administration commands to administer the rule containers in the same way as guards (see "Guards administration").
Structure of default protection rules
Each rule is addressed by its name and is subdivided into three parts:
1st rule part:
This part contains the name of a file or job variable for which certain protection attribute default values are to apply. The name can be partially qualified or specified using wildcards. However, it does not contain any specification of the pubset ID or user ID.
2nd rule part:
This part contains the reference to a guard of type DEFPUID which contains the list of user IDs which provide a pubset-global, unique designation of the files specified in rule part 1. This part of the rule is reserved for pubset-global definitions by system administrators and is ignored for the purposes of user-specific default value assignments.
3rd rule part:
This part contains the reference to a guard of type DEFPATTR which contains the default values for the protection attributes which are to apply to the file specified in rule part 1.
The order in which the rules are arranged in the rule containers plays a decisive role in the selection of a valid rule (i.e. in the selection of the default values to be used). The search for a suitable rule proceeds according to the order in which the rules occur in the rule container and terminates with the first hit (for more information, refer to section "Overlapping object names").