Domain: | SECURITY-ADMINISTRATION |
Privileges: | STD-PROCESSING, GUARD-ADMINISTRATION |
This command is used to enter a co-owner protection rule in a rule container (guard). If this is the first rule to be entered then a new rule container is created and is assigned the guard type COOWNERP. The SCOPE is set to *USER-ID in the administrative part of the guard.
If the rule container already exists, the SCOPE remains unchanged and the rule is inserted at the specified position in the rule container.
You can create any number of rule containers with user-definable names. Only rule containers named SYS.UCF[<n>] or SYS.UCJ[<n>] are considered as part of the coownership check (active rule containers, see section "Activating a rule container").
Users can only create rule containers for their own user ID. Guard administrators may create rule containers under different user IDs.
ADD-COOWNER-PROTECTION-RULE (ADD-COO-PRO-R) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RULE-CONTAINER-GUARD = <filename 1..24 without-gen-vers with-wild(40)>
This operand designates the name of a rule container of type COOWNERP in which a first or subsequent rule is to be entered. If the container does not already exist it is newly created.
You can select any container name you choose. However, a rule container with a prescribed name is always used for the purpose of access control.
If wildcards are used in the name of a rule container, then a single command enters the rule in multiple containers provided that these are accessible.
The length of the name without wildcards, catalog ID and user ID must not exceed 8 characters.
Only guard administrators are able to specify wildcards in the user ID.
The specification of the system default ID in the container name, e.g. $<filename> or $.<filename>, is not supported.
PROTECTION-RULE = <alphanumeric name 1..12>
Name of the rule which is to be entered. Duplicated names are not permitted in a container.
RULE-POSITION =
This operand designates the position within a rule container at which the rule which is to be processed should be inserted. The sequence of rules is decisive for the co-ownership check (see section "Search logic").
RULE-POSITION = *LAST
The rule is to be appended at the final position in the rule container.
RULE-POSITION = *BEFORE(...)
The rule is to be entered in front of the named rule in the rule container.
PROTECTION-RULE = <alphanumeric name 1..12>
Name of an existing rule in the rule container in front of which the rule which is to be entered should be positioned.
The command is rejected if no rule with this name exists.
PROTECT-OBJECT = *PARAMETERS(...)
Specifications concerning the object to which the rule which is to be entered is to apply.
NAME =
This operand designates the name of the object to which the rule which is to be entered is to apply.
NAME = <filename 1..41 without-cat-gen-user with-wild(80)>
Name of the object.
The name specification may contain wildcards or may be partially qualified. It must not contain a catalog or user ID. Alias names and declared prefixes are not permitted; the specified object name is used unchanged.
CONDITION-GUARD =
Name of the guard of type STDAC which contains the access conditions. The name must not contain a catalog ID. If the named guard is inaccessible at the time the command is issued, the result of command processing depends on the value of the GUARD-CHECK operand. Its length without a user ID must not exceed 8 characters.
CONDITION-GUARD = *NONE
No guard name is specified. Co-owner protection is deactivated for the object. The object has no co-owners.
CONDITION-GUARD = <filename 1..18 without-cat-gen-ver>
Name of a guard of type STDAC which contains the conditions which must be met by co-owners. The name must not contain a catalog ID.
The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.
TSOS-ACCESS =
Specifies the co-ownership of the user ID TSOS.
TSOS-ACCESS = *SYSTEM-STD
Specifies that the user ID TSOS has full co-ownership of the object.
TSOS-ACCESS = *RESTRICTED
Specifies that the user ID TSOS has restricted co-ownership of the object. You will find the commands and macros affected by a restriction of TSOS co-ownership in section "Scope of the TSOS restriction".
GUARD-CHECK =
When the command is executed, the availability of the guard named in the rule can be checked if required.
GUARD-CHECK = *YES
The availability of the named guard is checked. If the guard does not exist or if the owner of the rule container which is currently being processed is not authorized to use the guard, then the command is not executed.
GUARD-CHECK = *NO
The command is executed regardless of whether the named guard is available and whether the owner of the rule container which is currently being processed is authorized to use the guard.
DIALOG-CONTROL =
The user can use the command in a guided dialog and can define the type of dialog that is to be performed. Dialog control has no effect in batch mode and thus corresponds to the setting DIALOG-CONTROL=*NO.
DIALOG-CONTROL = *STD
For each selected rule container, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *NO
The command is executed for every selected rule container without any query being issued.
DIALOG-CONTROL = *GUARD-CHANGE
For each selected rule container, the user can decide in interactive mode whether or not the command should be executed. Dialog control is performed independently of whether or not the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *USER-ID-CHANGE
This guided dialog can only be used by guard administrators.
For each selected user ID, the system administrator can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the user ID in the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *CATALOG-CHANGE
For each selected catalog ID, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the catalog ID in the name of the rule container is specified using wildcards.
It is possible to abort the command.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | CMD0001 | Command successfully executed | |
2 | 0 | COO3000 | The command was aborted at the user’s request |
2 | 0 | COO3003 | During the processing of rule containers specified using wildcards, it was not possible to process all the selected rule containers correctly. |
1 | COO3100 | An incorrect operand value was detected. | |
32 | COO3200 | An internal error has occurred. A SERSLOG entry has been generated to permit detailed analysis. | |
64 | COO3300 | The specified rule container does not exist. | |
64 | COO3302 | The user is not authorized to execute the function. | |
64 | COO3303 | No further rules can be entered in the rule container. | |
64 | COO3304 | No rule container has been selected. | |
64 | COO3305 | The specified rule name for positioning was not found. | |
64 | COO3306 | A specified guard is not of the required guard type. | |
64 | COO3307 | A rule which is to be inserted already exists. | |
64 | COO3308 | A user ID is unknown. | |
64 | COO3309 | Remote File Access not supported. | |
64 | COO3311 | A guard specified for access conditions is not accessible. | |
64 | COO3313 | A specified Public Volume Set is not available. | |
64 | COO3314 | Error in MRS communications resources. | |
64 | COO3315 | A specified Public Volume Set is not known in the local GUARDS administration. | |
128 | COO3900 | There is no longer sufficient system storage space available. | |
128 | COO3901 | A guard which has to be processed is currently locked by another task and cannot be processed at the present time. | |
128 | COO3902 | A guard is temporarily unavailable because the GUARDS catalog is being changed or a master change is taking place in the computer network. |