Default protection user ID lists are specified and stored in user ID guards (type: DEFPUID) and apply across sessions. These can be used for making fine distinctions between the object names specified in the pubset-global default protection rules.
Example
On a pubset :A:, all files under the user ID SALARY whose names begin with the prefix SAVE. are categorized as being critical to security. They are to be assigned the protection attribute DESTROY=*YES by default. However, it is also possible that other users may create files with the prefix SAVE under their user IDs on the same pubset. The system default value DESTROY=*NO is to apply to these files.
If the system administrator defines a default protection rule for the object SAVE.* in the pubset-global rule container, it applies to all files on the pubset that have the prefix SAVE. On the other hand, if the system administrator also assigns in this rule a user ID guard in which he has entered the user ID SALARY, the default rule applies only to files that have the path name :A:$SALARY.SAVE.*.
The user IDs and user groups can be defined in the user ID guard in any order, and wildcards can be used. This means that the user ID from the path name of the file to which the default is to apply is checked against the user IDs and groups entered in the user ID guard (see also "Search for the active rule containers").
The definition of user ID lists for default protection involves two steps:
the creation of guards (see "Guards administration")
the entry of default-protection user ID lists in the guards
Entering the default-protection user ID lists
The following commands are available to system administrators for editing user ID guards. The commands are not RFA-compatible:
ADD-DEFAULT-PROTECTION-UID | Add user ID or group |
REMOVE-DEFAULT-PROTECTION-UID | Delete user ID or group |
SHOW-DEFAULT-PROTECTION-UID | Display user ID or group |
In addition, the general GUARDS administration commands are available for the administration of user ID guards (see "Guards administration")