Domain: | SECURITY-ADMINISTRATION |
Privileges: | STD-PROCESSING, GUARD-ADMINISTRATION |
This command is used to enter a rule for the assignment of default values to files and job variables in a rule container (guard). If this is the first rule to be entered then a new rule container is created and is assigned the guard type DEFAULTP. The SCOPE is set to *USER-ID in the administrative part of the guard. If the rule container already exists, the SCOPE remains unchanged and the rule is inserted at the specified position in the rule container.
You can create any number of rule containers with user-definable names. Only rule containers named SYS.UDF[<n>] or SYS.UDJ[<n>] and $TSOS.SYS.PDF[<n>] or
$TSOS.SYS.PDJ[<n>] are used for default value assignment (active rule containers, see section "Activating a rule container").
Users can only create rule containers under their own user ID. Guard administrators may create rule containers under different user IDs.
Rule containers for pubset-global default protection can only be created by system administrators or guard administrators and must be stored under the user ID TSOS.
ADD-DEFAULT-PROTECTION-RULE (ADD-DEF-PRO-R) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RULE-CONTAINER-GUARD = <filename 1..24 without-gen-vers with-wild(40)>
This operand designates the name of a rule container of type DEFAULTP in which a first or subsequent rule is to be entered. If the container does not already exist, it is newly created.
The container name is user-definable. However, only active rule containers are used in order of priority for the search for matching default values. These must have a predefined name (see section "Activating a rule container").
If wildcards are used in the name of a rule container, a single command enters the rule in multiple containers, provided that these are accessible.
The length of the name without wildcards, catalog ID and user ID must not exceed 8 characters.
Only guard administrators are able to specify wildcards in the user ID.
The specification of the system default ID in the container name, e.g. $<filename> or $.<filename>, is not supported.
PROTECTION-RULE = <alphanumeric name 1..12>
Name of the rule which is to be entered. Duplicated names are not permitted in a container.
RULE-POSITION =
This operand designates the position within a rule container at which the rule which is to be processed should be inserted. The sequence of rules is decisive for the determination of the protection attribute default values (see section "Search logic").
RULE-POSITION = *LAST
The rule is to be appended at the final position in the rule container.
RULE-POSITION = *BEFORE(...)
The rule is to be entered in front of the named rule in the rule container.
PROTECTION-RULE = <alphanumeric name 1..12>
Name of an existing rule in the rule container in front of which the rule which is to be entered should be positioned. The command is rejected if no rule with this name exists.
PROTECT-OBJECT = *PARAMETERS(...)
Specifications concerning the object to which the rule which is to be entered is to apply.
NAME =
This operand designates the name of the object to which the rule which is to be entered is to apply.
NAME = *TEMPORARY
The object is a temporary object. Only a single rule can be entered to represent any temporary object.
Notes on files
In the case of temporary DMS files, only the protection attributes DESTROY-BY-DELETE and SPACE-RELEASE-LOCK are taken into consideration for the purposes of default value assignment. All other attributes are set to the usual system default values.
Notes on job variables
In the case of temporary job variables, no protection attributes are taken into consideration for the purposes of default value assignment. All the attributes are set to the usual system default values.
NAME = <filename 1..41 without-cat-gen-user with-wild(80)>
Name of the object.
The name specification may contain wildcards or may be partially qualified. It must not contain a catalog or user ID.
Alias names and declared prefixes are not permitted; the specified object name is used unchanged.
ATTRIBUTE-GUARD =
Name of a guard of type DEFPATTR which contains the default values. The name must not contain a catalog ID. If the named guard is inaccessible at the time the command is issued, the result of command processing depends on the value of the GUARD-CHECK operand.
ATTRIBUTE-GUARD = *NONE
No guard name is specified. The default values for the attributes are determined from the next higher level in the hierarchy when default value assignment is performed (pubset-global or usual system default).
ATTRIBUTE-GUARD = <filename 1..18 without-cat-gen-vers>
Name of a guard of type DEFPATTR which contains the protection attributes which are to be used for default value assignment. The name must not contain a catalog ID. Its length without a user ID must not exceed 8 characters.
The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.
USER-ID-GUARD =
Name of a guard of type DEFPUID which contains the user IDs for path completion in the case of pubset-global default protection. The name must not contain a catalog ID. If the named guard is inaccessible at the time the command is issued - either because it has not been created or because the SCOPE prohibits the use of the guard - then the result of command processing depends on the value of the GUARD-CHECK operand.
USER-ID-GUARD = *ANY-USER-ID
No guard for user IDs is specified. The name of the object applies to all the user IDs in a pubset.
USER-ID-GUARD = <filename 1..18 without-cat-gen-vers>
Name of a guard of type DEFPUID which contains the list of user IDs. The name must not contain a catalog ID. Its length without a user ID must not exceed 8 characters.
The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.
GUARD-CHECK =
When the command is executed, the availability of the guards named in the rule can be checked if required.
GUARD-CHECK = *YES
The availability of the named guards is checked. If one of the guards does not exist or if the owner of the rule container which is currently being processed is not authorized to use one of the guards, the command is not executed.
GUARD-CHECK = *NO
The command is executed regardless of whether the named guards are available and whether they can be used by the owner of the rule container which is currently being processed.
DIALOG-CONTROL =
The user can use the command in a guided dialog and can define the type of dialog that is to be performed. Dialog control has no effect in batch mode and thus corresponds to the setting DIALOG-CONTROL=*NO.
DIALOG-CONTROL = *STD
For each selected rule container, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *NO
The command is executed for every selected rule container without any query being issued.
DIALOG-CONTROL = *RULE-CONTAINER-CHANGE
For each selected rule container, the user can decide in interactive mode whether or not the command should be executed. Dialog control is performed independently of whether or not the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *USER-ID-CHANGE
This guided dialog can only be used by guard administrators.
For each selected user ID, the system administrator can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the user ID in the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *CATALOG-CHANGE
For each selected catalog ID, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the catalog ID in the name of the rule container is specified using wildcards.
It is possible to abort the command.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | CMD0001 | Command successfully executed | |
2 | 0 | DEF3000 | The command was aborted at the user’s request |
2 | 0 | DEF3003 | During the processing of rule containers specified using wildcards, it was not possible to process all the selected rule containers correctly. |
1 | DEF3100 | An incorrect operand value was detected. | |
32 | DEF3200 | An internal error has occurred. A SERSLOG entry has been generated to permit detailed analysis. | |
64 | DEF3300 | The specified rule container does not exist. | |
64 | DEF3302 | The user is not authorized to execute the function. | |
64 | DEF3303 | No further rules can be entered in the rule container. | |
64 | DEF3304 | No rule container has been selected. | |
64 | DEF3305 | The specified rule name for positioning was not found. | |
64 | DEF3306 | A specified guard is not of the required guard type. | |
64 | DEF3307 | A rule which is to be inserted already exists. | |
64 | DEF3308 | A user ID is unknown. | |
64 | DEF3309 | Remote file access not supported. | |
64 | DEF3311 | A guard specified for access conditions is not accessible. | |
64 | DEF3313 | A specified public volume set is not available. | |
64 | DEF3314 | Error in MRS communications resources. | |
64 | DEF3315 | A specified public volume set is not known in the local GUARDS administration. | |
64 | DEF3318 | A guard with user IDs which is to be entered in a rule is not accessible. | |
128 | DEF3900 | There is no longer sufficient system storage space available. | |
128 | DEF3901 | A guard which has to be processed is currently locked by another task and cannot be processed at the present time. | |
128 | DEF3902 | A guard is temporarily unavailable because the GUARDS catalog is being changed or a master change is taking place in the computer network. |