MODIFY-DEFAULT-PROTECTION-ATTR Modify default values for protection attributes

Domain:

SECURITY-ADMINISTRATION

Privileges:

STD-PROCESSING, GUARD-ADMINISTRATION

This command is used to modify the default values of protection attributes in an attribute guard.

Users can only modify attribute guards for their own user IDs. Guard administrators can modify attribute guards under other user IDs.

When the command is called, attributes are only ever modified in one of the two attribute areas *CREATE-OBJECT or *MODIFY-OBJECT-ATTR.

Meaning of the operand value *SYSTEM-STD

The value *SYSTEM-STD represents an attribute value which has been prespecified for a higher instance in the hierarchy.

This higher instance in the hierarchy is

  • the pubset-global rule container,
    if the attribute guard is evaluated on the basis of a user-specific rule container

  • the usual system default,
    if the attribute guard is evaluated on the basis of a pubset-global rule container or if there is no pubset-global rule container.
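The fallback order described above, written out as an added Python sketch (not part of the product documentation). The attribute names come from this page; the "usual system default" values and the sample guards are constructed assumptions, since the page does not list them.

```python
SYSTEM_STD = "*SYSTEM-STD"

# Constructed stand-in for "the usual system default". The page does not list
# these values, so they are assumptions for this demonstration only.
ASSUMED_SYSTEM_DEFAULTS = {
    "ACCESS": "*WRITE",
    "USER-ACCESS": "*OWNER-ONLY",
    "DESTROY-BY-DELETE": "*NO",
}


def resolve_defaults(user_guard, pubset_guard, system_defaults=None):
    """Resolve each attribute to (effective value, level that supplied it).

    user_guard   -- attribute guard found via a user-specific rule container, or None
    pubset_guard -- attribute guard found via the pubset-global rule container, or None
    An attribute missing from a sample dict is treated as *SYSTEM-STD (assumption).
    """
    system_defaults = system_defaults or ASSUMED_SYSTEM_DEFAULTS
    effective = {}
    for attr, system_value in system_defaults.items():
        value, level = SYSTEM_STD, "system default"
        if user_guard is not None:
            value, level = user_guard.get(attr, SYSTEM_STD), "user-specific"
        # *SYSTEM-STD in a user-specific guard defers to the pubset-global level.
        if value == SYSTEM_STD and pubset_guard is not None:
            value, level = pubset_guard.get(attr, SYSTEM_STD), "pubset-global"
        # *SYSTEM-STD at pubset-global level, or no pubset-global rule container,
        # ends at the usual system default.
        if value == SYSTEM_STD:
            value, level = system_value, "system default"
        effective[attr] = (value, level)
    return effective


def inherited(effective):
    """Attributes whose effective default is not set in the user's own guard."""
    return sorted(a for a, (_, level) in effective.items() if level != "user-specific")


# Constructed sample guards.
USER_GUARD = {"ACCESS": "*READ", "USER-ACCESS": SYSTEM_STD, "DESTROY-BY-DELETE": SYSTEM_STD}
PUBSET_GUARD = {"ACCESS": "*WRITE", "USER-ACCESS": SYSTEM_STD, "DESTROY-BY-DELETE": "*YES"}

if __name__ == "__main__":
    for attr, (value, level) in resolve_defaults(USER_GUARD, PUBSET_GUARD).items():
        print(f"{attr:18} {value:12} from {level}")
```

The `inherited` list is the part worth reviewing when auditing a user ID: those defaults are decided at the pubset-global or system level, not in the user's own attribute guard.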

MODIFY-DEFAULT-PROTECTION-ATTR (MOD-DEF-PRO-A)

GUARD-NAME = <filename 1..24 without-gen-vers with-wild(40)>
,ATTR-SCOPE = *CREATE-OBJECT / *MODIFY-OBJECT-ATTR
,ACCESS = *UNCHANGED / *SYSTEM-STD / *WRITE / *READ
,USER-ACCESS = *UNCHANGED / *SYSTEM-STD / *OWNER-ONLY / *ALL-USERS / *SPECIAL
,BASIC-ACL = *UNCHANGED / *SYSTEM-STD / *NONE / *PARAMETERS(...)
   *PARAMETERS(...)
      |  OWNER = *UNCHANGED / *PARAMETERS(...)
      |     *PARAMETERS(...)
      |        |  READ = *UNCHANGED / *NO / *YES
      |        |  ,WRITE = *UNCHANGED / *NO / *YES
      |        |  ,EXEC = *UNCHANGED / *NO / *YES
      |  ,GROUP = *UNCHANGED / *PARAMETERS(...)
      |     *PARAMETERS(...)
      |        |  READ = *UNCHANGED / *NO / *YES
      |        |  ,WRITE = *UNCHANGED / *NO / *YES
      |        |  ,EXEC = *UNCHANGED / *NO / *YES
      |  ,OTHERS = *UNCHANGED / *PARAMETERS(...)
      |     *PARAMETERS(...)
      |        |  READ = *UNCHANGED / *NO / *YES
      |        |  ,WRITE = *UNCHANGED / *NO / *YES
      |        |  ,EXEC = *UNCHANGED / *NO / *YES
,GUARDS = *UNCHANGED / *SYSTEM-STD / *NONE / *PARAMETERS(...)
   *PARAMETERS(...)
      |  READ = *UNCHANGED / *NONE / <filename 1..18 without-cat-gen-vers>
      |  ,WRITE = *UNCHANGED / *NONE / <filename 1..18 without-cat-gen-vers>
      |  ,EXEC = *UNCHANGED / *NONE / <filename 1..18 without-cat-gen-vers>
,READ-PASSWORD = *UNCHANGED / *SYSTEM-STD / *NONE / *SECRET /
                 <c-string 1..4> / <x-string 1..8> / <integer -2147483648..2147483647>
,WRITE-PASSWORD = *UNCHANGED / *SYSTEM-STD / *NONE / *SECRET /
                  <c-string 1..4> / <x-string 1..8> / <integer -2147483648..2147483647>
,EXEC-PASSWORD = *UNCHANGED / *SYSTEM-STD / *NONE / *SECRET /
                 <c-string 1..4> / <x-string 1..8> / <integer -2147483648..2147483647>
,DESTROY-BY-DELETE = *UNCHANGED / *SYSTEM-STD / *NO / *YES
,SPACE-RELEASE-LOCK = *UNCHANGED / *SYSTEM-STD / *NO / *YES
,EXPIRATION-DATE = *UNCHANGED / *SYSTEM-STD / *TODAY / *TOMORROW / <date with-compl> /
                   <integer 0..99999>
,FREE-FOR-DELETION = *UNCHANGED / *SYSTEM-STD / *NONE / <date with-compl> / <integer 0..99999>
,DIALOG-CONTROL = *STD / *NO / *GUARD-CHANGE / *USER-ID-CHANGE / *CATALOG-CHANGE

GUARD-NAME = <filename 1..24 without-gen-vers with-wild(40)>
This operand designates the name of a guard of type DEFPATTR in which the default values for protection attributes are to be modified. The guard name may contain wildcards. However, its length without a catalog ID and user ID must not exceed 8 characters.

The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.

ATTR-SCOPE =
Two attribute areas are managed in an attribute guard:

  1. Protection attributes which are to be used in the future when a new object is created (for example with /CREATE-FILE) and

  2. Protection attributes which are to be used in the future when an existing object is modified (for example with /MODIFY-FILE-ATTRIBUTES).

ATTR-SCOPE = *CREATE-OBJECT
The modification applies to the attribute area which will be used in the future for default value assignment when a new object is created.

ATTR-SCOPE = *MODIFY-OBJECT-ATTR
The modification applies to the attribute area which will be used in the future for default value assignment when the attributes of an existing object are modified.

ACCESS = *UNCHANGED / *SYSTEM-STD / *WRITE / *READ
Specifies the type of access which is permitted to the object.

ACCESS = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

ACCESS = *WRITE
Read, write and execute object accesses are permitted.

ACCESS = *READ
Only read and execute object accesses are permitted.

USER-ACCESS = *UNCHANGED / *SYSTEM-STD / *OWNER-ONLY / *ALL-USERS / *SPECIAL
Specifies whether other user IDs can access the object.

USER-ACCESS = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

USER-ACCESS = *OWNER-ONLY
Access to the object is only possible under the user’s own user ID as well as under all catalog IDs under which the user ID (of the same name) has been set up (i.e. not only under the catalog ID under which the object was created). Co-owners can also access the object.

USER-ACCESS = *ALL-USERS
Access to the object is also possible under other user IDs.

USER-ACCESS = *SPECIAL
The object is accessible to all user IDs including IDs with the privilege HARDWARE-MAINTENANCE. Accesses on the part of maintenance IDs are generally only possible if USER-ACCESS=*SPECIAL is specified.

BASIC-ACL = *UNCHANGED / *SYSTEM-STD / *NONE / *PARAMETERS(...)
Activates access control via BACL.

BASIC-ACL = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

BASIC-ACL = *NONE
Access control via BACL is not activated.

BASIC-ACL = *PARAMETERS(...)
Access control via BACL is activated by explicit specification, provided that no higher-ranking access control is active.

OWNER = *UNCHANGED / *PARAMETERS(...)
Specifies the access rights for the owners and co-owners of the file.

OWNER = *PARAMETERS(...)
The owner’s access rights are specified below.

READ = *UNCHANGED / *NO / *YES
Specifies whether read access is authorized.

WRITE = *UNCHANGED / *NO / *YES
Specifies whether write access is authorized.

EXEC = *UNCHANGED / *NO / *YES
Specifies whether execute access is authorized.

GROUP = *UNCHANGED / *PARAMETERS(...)
Specifies the access rights for members of the owner’s group.

GROUP = *PARAMETERS(...)
The access rights for members of the owner’s user group are specified below.

READ = *UNCHANGED / *NO / *YES
Specifies whether read access is authorized.

WRITE = *UNCHANGED / *NO / *YES
Specifies whether write access is authorized.

EXEC = *UNCHANGED / *NO / *YES
Specifies whether execute access is authorized.

OTHERS = *UNCHANGED / *PARAMETERS(...)
Specifies the access rights for all users who are not members of the owner’s user group.

OTHERS = *PARAMETERS(...)
The access rights for the other users are specified below.

READ = *UNCHANGED / *NO / *YES
Specifies whether read access is authorized.

WRITE = *UNCHANGED / *NO / *YES
Specifies whether write access is authorized.

EXEC = *UNCHANGED / *NO / *YES
Specifies whether execute access is authorized.

GUARDS = *UNCHANGED / *SYSTEM-STD / *NONE / *PARAMETERS(...)
Specifies whether access control is performed via GUARDS.

GUARDS = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

GUARDS = *NONE
Access control is not performed via GUARDS.

GUARDS = *PARAMETERS(...)
Access control is performed via GUARDS.
The guard name may be a maximum of 8 characters or a maximum of 18 characters if a user ID is specified. A catalog ID cannot be specified since the guard must always be stored in the catalog in which the file is also located!

READ =
Specifications for read control.

READ = *UNCHANGED
The value is unchanged.

READ = *NONE
No guard name is assigned. No read accesses are permitted.

READ = <filename 1..18 without-cat-gen-vers>
Name of a guard which controls read access. The length of the name without a user ID must not exceed 8 characters.

The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.

WRITE =
Specifications for write control.

WRITE = *UNCHANGED
The value is unchanged.

WRITE = *NONE
No guard name is assigned. No write accesses are permitted.

WRITE = <filename 1..18 without-cat-gen-vers>
Name of a guard which controls write access. The length of the name without a user ID must not exceed 8 characters.

The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.

EXEC =
Specifications for execute control.

EXEC = *UNCHANGED
The value is unchanged.

EXEC = *NONE
No guard name is assigned. No execute accesses are permitted.

EXEC = <filename 1..18 without-cat-gen-vers>
Name of a guard which controls execute access. The length of the name without a user ID must not exceed 8 characters.

The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.
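A pre-flight check for the guard-name rules stated above, as an added Python example that is not part of the product documentation. It assumes the usual BS2000 path layout `:catid:$userid.name`, handles names without wildcards only, and the function name and sample guard names are hypothetical.

```python
def check_guard_name(value, allow_catid=False):
    """Return a list of rule violations for a guard name (empty list = OK).

    allow_catid=False -- READ/WRITE/EXEC under GUARDS=*PARAMETERS(...):
                         at most 18 characters, no catalog ID.
    allow_catid=True  -- GUARD-NAME of the attribute guard itself:
                         at most 24 characters, catalog ID permitted.
    Wildcard names (with-wild) are outside the scope of this sketch.
    """
    problems = []
    rest = value

    # Optional catalog ID, written :catid:
    if rest.startswith(":"):
        _catid, sep, rest = rest[1:].partition(":")
        if not sep:
            return ["unterminated catalog ID"]
        if not allow_catid:
            problems.append("catalog ID not allowed: the guard must be in the file's catalog")

    # Optional user ID, written $userid. ; $name and $.name mean the
    # system default ID, which the page says is not supported.
    if rest.startswith("$"):
        userid, dot, name = rest[1:].partition(".")
        if not dot or not userid:
            problems.append("system default ID ($name or $.name) is not supported")
            name = name or userid
        rest = name

    if not 1 <= len(rest) <= 8:
        problems.append("name without catalog ID and user ID must be 1..8 characters")

    limit = 24 if allow_catid else 18
    if len(value) > limit:
        problems.append(f"overall length exceeds {limit} characters")
    return problems


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ("READGRD", "$SECADM.READGRD", ":A:READGRD", "$.READGRD", "TOOLONGNAME"):
        print(f"{sample:18} {check_guard_name(sample) or 'ok'}")
```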

WRITE-PASSWORD = *UNCHANGED / *SYSTEM-STD / *NONE / *SECRET /
<c-string 1..4> / <x-string 1..8> / <integer -2147483648..2147483647>
Password to protect against unauthorized write accesses. The WRITE-PASSWORD operand is defined as “secret”. In interactive mode, the entry field is blanked out and the entered value is not logged.

WRITE-PASSWORD = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

WRITE-PASSWORD = *NONE
No write password is assigned.

WRITE-PASSWORD = *SECRET
This specification is only possible in an unguided dialog and permits the confidential entry of the desired write password. In this case, a special prompt is issued and a blanked-out field is displayed for the “secret” password.

READ-PASSWORD = *UNCHANGED / *SYSTEM-STD / *NONE / *SECRET /
<c-string 1..4> / <x-string 1..8> / <integer -2147483648..2147483647>
Password to protect against unauthorized read accesses. The READ-PASSWORD operand is defined as “secret”. In interactive mode, the entry field is blanked out and the entered value is not logged.

READ-PASSWORD = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

READ-PASSWORD = *NONE
No read password is assigned.

READ-PASSWORD = *SECRET
This specification is only possible in an unguided dialog and permits the confidential entry of the desired read password. In this case, a special prompt is issued and a blanked-out field is displayed for the “secret” password.

EXEC-PASSWORD = *UNCHANGED / *SYSTEM-STD / *NONE / *SECRET /
<c-string 1..4> / <x-string 1..8> / <integer -2147483648..2147483647>
Password to protect against unauthorized execute accesses. The EXEC-PASSWORD operand is defined as “secret”. In interactive mode, the entry field is blanked out and the entered value is not logged.

EXEC-PASSWORD = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

EXEC-PASSWORD = *NONE
No execute password is assigned.

EXEC-PASSWORD = *SECRET
This specification is only possible in an unguided dialog and permits the confidential entry of the desired execute password. In this case, a special prompt is issued and a blanked-out field is displayed for the “secret” password.

DESTROY-BY-DELETE = *UNCHANGED / *SYSTEM-STD / *NO / *YES
To enhance data protection, users can specify in the catalog entry that files which are no longer required should be overwritten with X’00’ (binary zero). In the case of disk files, this has an effect on delete operations and storage space release operations (see the commands /MODIFY-FILE-ATTRIBUTES and /DELETE-FILE). In the case of tape files, this has an effect on the overwriting of residual files during EOF and EOV processing (see the DESTROY-OLD-CONTENTS operand in the /ADD-FILE-LINK command).

DESTROY-BY-DELETE = *SYSTEM-STD
The attribute value supplied by the higher-ranking instance in the hierarchy is used as the default value. This is the pubset-global rule container if the attribute guard is evaluated on the basis of a user-specific rule container. It is the usual system default if the attribute guard is evaluated on the basis of a pubset-global rule container or if there is no pubset-global rule container.

DESTROY-BY-DELETE = *NO
If this setting is made then the definition in the /DELETE-FILE command applies (OPTION operand).

In the case of disk files, storage space is released unchanged unless the operand OPTION=DESTROY-ALL is specified in the /DELETE-FILE command.

In the case of tape files, the residual files which follow on the tape are not overwritten if DESTROY-OLD-CONTENTS=*YES is not specified for the current processing run in the /ADD-FILE-LINK command.

DESTROY-BY-DELETE = *YES
This setting also applies if a different definition is made in the OPTION operand of the /DELETE-FILE command.

In the case of disk files, released storage space is automatically overwritten with binary zero (X’00’).

In the case of tape files, the tape contents after the end of the file are overwritten with binary zero (X’00’). It is not necessary to specify the deletion of the residual files for the current processing run in the /ADD-FILE-LINK command.

SPACE-RELEASE-LOCK = *UNCHANGED / *SYSTEM-STD / *NO / *YES
Specifies whether the release of storage space with the /MODIFY-FILE-ATTRIBUTES command or FILE macro should be ignored.

SPACE-RELEASE-LOCK = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

SPACE-RELEASE-LOCK = *NO
Storage space can be released.

SPACE-RELEASE-LOCK = *YES
Storage space cannot be released.

EXPIRATION-DATE = *UNCHANGED / *SYSTEM-STD / *TODAY / *TOMORROW / <date with-compl> / <integer 0..99999>
Expiration date for the file. The file cannot be modified or deleted before the specified date. An expiration date can only be specified if the file has already been opened, i.e. if it possesses a CREATION-DATE.

If it is not specified using a keyword, there are two ways of defining an expiration date:

  • as an absolute date specification
    Date specification in the form YY-MM-DD or YYYY-MM-DD
    (YY = year, MM = month, DD = day).

  • as a relative date specification
    Maximum of 6 places including the sign in the form +n as the distance from the current day date.

EXPIRATION-DATE = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

EXPIRATION-DATE = *TODAY
No expiration date is set or an existing expiration date is deactivated by setting the current day date.

EXPIRATION-DATE = *TOMORROW
The next day’s date is specified as the expiration date.

EXPIRATION-DATE = <date with-compl>
The file is protected until the specified date (exclusive).

EXPIRATION-DATE = <integer 0..99999>
The file cannot be deleted or modified for the specified number of days.

FREE-FOR-DELETION = *UNCHANGED / *SYSTEM-STD / *NONE / <date with-compl> / <integer 0..99999>
Specifies when the object can be deleted irrespective of its protection attributes.

If it is not specified using a keyword, there are two ways of defining the free-for-deletion date:

  • as an absolute date specification
    Date specification in the form YY-MM-DD or YYYY-MM-DD
    (YY = year, MM = month, DD = day).

  • as a relative date specification
    Maximum of 6 places including the sign in the form +n as the distance from the current day date.

FREE-FOR-DELETION = *SYSTEM-STD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSTEM-STD").

FREE-FOR-DELETION = *NONE
The object can only be deleted if this is permitted by the protection attributes.

FREE-FOR-DELETION = <date with-compl>
The object may be deleted as of the specified date irrespective of the protection attributes.

FREE-FOR-DELETION = <integer 0..99999>
The object can be deleted irrespective of the protection attributes after the specified number of days.

DIALOG-CONTROL =
The user can use the command in a guided dialog and can define the type of dialog that is to be performed. Dialog control has no effect in batch mode and thus corresponds to the setting DIALOG-CONTROL=*NO.

DIALOG-CONTROL = *STD
For each selected attribute guard, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the name of the attribute guard is specified using wildcards.

It is possible to abort the command.

DIALOG-CONTROL = *NO
The command is executed for every selected attribute guard without any query being issued.

DIALOG-CONTROL = *GUARD-CHANGE
For each selected attribute guard, the user can decide in interactive mode whether or not the command should be executed. Dialog control is performed regardless of whether or not the name of the attribute guard is specified using wildcards.

It is possible to abort the command.

DIALOG-CONTROL = *USER-ID-CHANGE
This guided dialog can only be used by guard administrators.
For each selected user ID, a guard administrator can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the user ID in the name of the attribute guard is specified using wildcards.

It is possible to abort the command.

DIALOG-CONTROL = *CATALOG-CHANGE
For each selected catalog ID, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the catalog ID in the name of the attribute guard is specified using wildcards.

It is possible to abort the command.

Command return codes

(SC2)  SC1  Maincode  Meaning
       0    CMD0001   Command successfully executed
2      0    DEF3000   The command was aborted at the user’s request
2      0    DEF3003   During the processing of attribute guards specified using wildcards, it was not possible to process all the selected attribute guards correctly.
       1    DEF3100   An incorrect operand value was detected.
       32   DEF3200   An internal error has occurred. A SERSLOG entry has been generated to permit detailed analysis.
       64   DEF3302   The user is not authorized to execute the function.
       64   DEF3306   A specified guard is not of the required guard type.
       64   DEF3308   A user ID is unknown.
       64   DEF3309   Remote file access not supported.
       64   DEF3313   A specified public volume set is not available.
       64   DEF3314   Error in MRS communications resources.
       64   DEF3315   A specified public volume set is not known in the local GUARDS administration.
       64   DEF3351   A named attribute guard does not yet exist.
       64   DEF3352   No attribute guard was selected.
       128  DEF3900   There is no longer sufficient system storage space available
       128  DEF3901   A guard which has to be processed is currently locked by another task and cannot be processed at the present time.
       128  DEF3902   A guard is temporarily unavailable because the GUARDS catalog is being changed or a master change is taking place in the computer network.