Domain: | SECURITY-ADMINISTRATION |
Privileges: | STD-PROCESSING, GUARD-ADMINISTRATION |
This command modifies a co-owner protection rule in a rule container (guard of type: COOWNERP).
Users can only modify rule containers under their own user IDs. Guard administrators may modify rule containers belonging to different user IDs.
MODIFY-COOWNER-PROTECTION-RULE (MOD-COO-PRO-R) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RULE-CONTAINER-GUARD = <filename 1..24 without-gen-vers with-wild(40)>
This operand designates the name of a rule container of type COOWNERP in which a rule is to be modified.
Although the container name is user-definable, only rule containers with fixed, predefined names are consulted for access control (active rule containers, see section "Activating a rule container").
If wildcards are used in the name of a rule container, a single command modifies the rule in multiple containers, provided that these are accessible.
The length of the name without wildcards, catalog ID and user ID must not exceed 8 characters.
Only guard administrators are able to specify wildcards in the user ID.
The specification of the system default ID in the container name, e.g. $<filename> or $.<filename>, is not supported.
PROTECTION-RULE = <alphanumeric name 1..12>
Name of the rule which is to be modified. Duplicated names are not permitted in a container.
NEW-NAME =
This operand can be used to rename the rule which is to be processed.
NEW-NAME = *SAME
The name remains unchanged.
NEW-NAME = <alphanumeric name 1..12>
New name which is to be given to the rule.
RULE-POSITION =
This operand designates the position within a rule container at which the rule which is to be processed should be inserted. The sequence of rules is decisive for the co-ownership check (see section "Search logic").
RULE-POSITION = *UNCHANGED
The position of the rule is unchanged.
RULE-POSITION = *LAST
The rule is to be appended at the final position in the rule container.
RULE-POSITION = *BEFORE(...)
The rule is to be entered in front of the named rule in the rule container.
PROTECTION-RULE = <alphanumeric name 1..12>
Name of an existing rule in the rule container in front of which the rule which is to be modified should be positioned. The command is rejected if no rule with this name exists.
PROTECT-OBJECT = *PARAMETERS(...)
Specifications concerning the object to which the rule which is to be entered is to apply.
NAME =
This operand designates the name of the object to which the rule which is to be modified is to apply.
NAME = *UNCHANGED
The name of the object is unchanged
NAME = <filename 1..41 without-cat-gen-user with-wild(80)>
Name of the object.
The name specification may contain wildcards or may be partially qualified. It must not contain a catalog or user ID.
Alias names and declared prefixes are not permitted; the specified object name is used unchanged.
CONDITION-GUARD =
Name of the guard of type STDAC which contains the access condition. The name must not contain a catalog ID. If the named guard is inaccessible at the time the command is issued, the result of command processing depends on the value of the GUARD-CHECK operand.
CONDITION-GUARD = *UNCHANGED
The guard name is unchanged.
CONDITION-GUARD = *NONE
No guard name is specified. Co-owner protection is deactivated for the object. The object has no co-owners.
CONDITION-GUARD = <filename 1..18 without-cat-gen-ver>
Name of a guard of type STDAC which contains the conditions which must be met by co-owners. The name must not contain a catalog ID. The name must not contain a catalog ID. Its length without wildcards, catalog ID and user ID must not exceed 8 characters.
The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.
TSOS-ACCESS =
Specifies the co-ownership of the user ID TSOS.
TSOS-ACCESS = *UNCHANGED
Specifies that the co-ownership of the object remains unchanged for TSOS.
TSOS-ACCESS = *SYSTEM-STD
Specifies that the user ID TSOS has full co-ownership of the object.
TSOS-ACCESS = *RESTRICTED
Specifies that the user ID TSOS has restricted co-ownership of the object. You will find the commands and macros affected by a restriction of TSOS co-ownership in section "Scope of the TSOS restriction".
GUARD-CHECK =
When the command is executed, the availability of the guard named in the rule can be checked if required.
GUARD-CHECK = *YES
The availability of the named guard is checked. If the guard does not exist or if the owner of the rule container which is currently being processed is not authorized to use the guard, then the command is not executed.
GUARD-CHECK = *NO
The command is executed regardless of whether the named guard is available and whether it can be used by the owner of the rule container which is currently being processed.
DIALOG-CONTROL =
The user can use the command in a guided dialog and can define the type of dialog that is to be performed. Dialog control has no effect in batch mode and thus corresponds to the setting DIALOG-CONTROL=*NO.
DIALOG-CONTROL = *STD
For each selected rule container, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *NO
The command is executed for every selected rule container without any query being issued.
DIALOG-CONTROL = *RULE-CONTAINER-CHANGE
For each selected rule container, the user can decide in interactive mode whether or not the command should be executed. Dialog control is performed regardless of whether or not the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *USER-ID-CHANGE
This guided dialog can only be used by guard administrators.
For each selected user ID, the system administrator can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the user ID in the name of the rule container is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *CATALOG-CHANGE
For each selected catalog ID, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the catalog ID in the name of the rule container is specified using wildcards.
It is possible to abort the command.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | CMD0001 | Command successfully executed | |
2 | 0 | COO3000 | The command was aborted at the user’s request |
2 | 0 | COO3003 | During the processing of rule containers specified using wildcards, it was not possible to process all the selected rule containers correctly. |
1 | COO3100 | An incorrect operand value was detected. | |
32 | COO3200 | An internal error has occurred. A SERSLOG entry has been generated to permit detailed analysis. | |
64 | COO3300 | The specified rule container does not exist. | |
64 | COO3302 | The user is not authorized to execute the function. | |
64 | COO3303 | No further rules can be entered in the rule container. | |
64 | COO3304 | No rule container has been selected. | |
64 | COO3305 | The specified rule name for positioning was not found. | |
64 | COO3306 | A specified guard is not of the required guard type. | |
64 | COO3307 | A rule which is to be inserted already exists. | |
64 | COO3308 | A user ID is unknown. | |
64 | COO3309 | Remote file access not supported. | |
64 | COO3310 | A rule was not found in the rule container. | |
64 | COO3311 | A guard specified for access conditions is not accessible. | |
64 | COO3313 | A specified public volume set is not available. | |
64 | COO3314 | Error in MRS communications resources. | |
64 | COO3315 | A specified public volume set is not known in the local GUARDS administration. | |
128 | COO3900 | There is no longer sufficient system storage space available. | |
128 | COO3901 | A guard which has to be processed is currently locked by another task and cannot be processed at the present time. | |
128 | COO3902 | A guard is temporarily unavailable because the GUARDS catalog is being changed or a master change is taking place in the computer network. |