Domain: | SECURITY-ADMINISTRATION |
Privileges: | STD-PROCESSING, GUARD-ADMINISTRATION |
This command is used to remove access conditions from one or more guards. The access conditions can be removed one after the other by means of repeated command calls for the subjects *USER, *GROUP, *OTHERS and *ALL-USERS.
REMOVE-ACCESS-CONDITIONS | ||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||
GUARD-NAME = <filename 1..24 without-gen-vers-with-wild>
Name of the guard from which access conditions are to be removed. This name may contain wildcards.
The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.
SUBJECTS =
This specifies whose access definitions are to be deleted. Only one subject type may be specified. If the access definitions for several subject types are to be deleted, the command must be called separately for each subject type.
SUBJECTS = *ALL
The definitions for all subjects and the names of all subjects are to be deleted. The guard is then empty and evaluation of this guard will always produce the result FALSE until new conditions are defined for it.
SUBJECTS = *OTHERS
The definitions for *OTHERS are to be deleted.
SUBJECTS =*ALL-USERS
The definitions for *ALL-USERS are to be deleted.
SUBJECTS = *USER(...)
User IDs whose definitions are to be deleted.
USER-IDENTIFICATION = *ALL
All entries for *USER are to be deleted.
USER-IDENTIFICATION = list-poss(20):<name 1..8>
Up to 20 user IDs may be specified explicitly. If more than 20 user IDs are to be deleted from the guard, the command must be executed the necessary number of times.
SUBJECTS = *GROUP(...)
User groups whose definitions are to be deleted.
GROUP-IDENTIFICATION = *ALL / *UNIVERSAL / list-poss(20): <name 1..8>
The definitions for all user groups or for up to 20 explicitly specified groups can be deleted. If the definitions for more than 20 groups are to be deleted, the command must be executed the necessary number of times. *UNIVERSAL is the name of the group root.
DIALOG-CONTROL =
The user can use the command in a guided dialog and can define the type of dialog that is to be performed. Dialog control has no effect in batch mode and thus corresponds to the setting DIALOG-CONTROL=*NO.
DIALOG-CONTROL = *STD
For each selected guard, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the name of the guard is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *NO
The command is executed for every selected guard without any query being issued.
DIALOG-CONTROL = *GUARD-CHANGE
For each selected guard, the user can decide in interactive mode whether or not the command should be executed. Dialog control is performed regardless of whether or not the name of the guard is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *USER-ID-CHANGE
This guided dialog can only be used by guard administrators.
For each selected user ID, the guard administrator can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the user ID in the name of the guard is specified using wildcards.
It is possible to abort the command.
DIALOG-CONTROL = *CATALOG-CHANGE
For each selected catalog ID, the user can decide in interactive mode whether or not the command should be executed. However, dialog control is only performed if the catalog ID in the name of the guard is specified using wildcards.
It is possible to abort the command.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | CMD0001 | Command successfully executed | |
2 | 0 | PRO1011 | The command was aborted at the user’s request |
32 | PRO1001 | An internal error has occurred. A SERSLOG entry has been written for further analysis | |
64 | PRO1002 | Syntax error in the name of the guard | |
64 | PRO1007 | The specified guard does not exist | |
64 | PRO1012 | The specified catalog is not defined or not accessible | |
64 | PRO1013 | The pubset is not known to the GUARDS administration (the guards catalog was probably not opened at IMPORT-PUBSET) | |
64 | PRO1014 | The user is not authorized to execute this function | |
64 | PRO1015 | The specified subject does not exist in the guard | |
64 | PRO1016 | Error in the MRS communication facility | |
64 | PRO1017 | Unknown user ID | |
64 | PRO1018 | The remote system is not available | |
64 | PRO1020 | No more memory space available | |
64 | PRO1021 | BCAM connection error | |
64 | PRO1022 | The BCAM connection has been interrupted | |
64 | PRO1023 | There is no guard matching the selection criteria | |
64 | PRO1028 | Incorrect guard type | |
64 | PRO1029 | GUARDS is not available on the remote system | |
2 | 64 | PRO1035 | Command was not executed |
128 | PRO1009 | The specified guard is locked by another task | |
128 | PRO1036 | The guards catalog is locked | |
128 | PRO1038 | The guards catalog is locked by ARCHIVE |