SECOS V5.6 (en)

Domain:	SECURITY-ADMINISTRATION
Privileges:	STD-PROCESSING, GUARD-ADMINISTRATION

This command displays the access conditions which apply to the caller in the specified guard. The caller does not need to be the owner of the guard; the access conditions in any guard can be displayed.

The display simply presents the relevant access condition definitions irrespective of whether or not they currently apply. Only those conditions which apply to the caller are displayed. No further conditions which apply to other subjects and are stored in the guard are displayed. For example, a caller will obtain the information that he or she is permitted access on Mondays irrespective of the current day of the week. The SCOPE of the guard is not taken into consideration.

The complete guard contents can be displayed using the /SHOW-ACCESS-CONDITIONS command provided that this is permitted by the SCOPE of the guard.

The caller does not obtain any information about the subject definitions which are used as the basis for the evaluation (the USER, GROUP, OTHERS or ALL-USERS definitions).

SHOW-ACCESS-ADMISSION

GUARD-NAME = <filename 1..24 without-gen-vers>

,OUTPUT = list-poss(2): *SYSOUT / *SYSLST

GUARD-NAME = <filename 1..24 without-gen-vers >
The name of the guard whose access conditions are to be displayed.

The specification of the system default ID in the guard name, e.g. $<filename> or $.<filename>, is not supported.

OUTPUT =
This specifies the destination for the output.

OUTPUT = *SYSOUT
The output is sent to the data display terminal if the command was entered in interactive (dialog) mode. In batch mode, the output destination depends on the specifications in the batch job.

OUTPUT = *SYSLST
The output is sent to SYSLST.

Command return codes

(SC2)	SC1	Maincode	Meaning
	0	CMD0001	Command successfully executed
	32	PRO1001	An internal error has occurred. A SERSLOG entry has been written for further analysis
	64	PRO1002	Syntax error in the guards name
	64	PRO1007	The specified guard does not exist
	64	PRO1012	The specified catalog is not defined or not accessible
	64	PRO1013	The pubset is not known to the GUARDS administration (the guards catalog was probably not opened at IMPORT-PUBSET)
	64	PRO1016	Error in the MRS communication facility
	64	PRO1017	Unknown user ID
	64	PRO1018	The remote system is not available
	64	PRO1020	No more memory space available
	64	PRO1021	BCAM connection error
	64	PRO1022	BCAM connection has been interrupted
	64	PRO1023	There is no guard matching the selection criteria
	64	PRO1024	Use of the guard is not permitted
	64	PRO1028	Incorrect guard type
	64	PRO1029	GUARDS is not available on the remote system
	64	PRO1030	User condition cannot be fulfilled in the guard
	128	PRO1009	The specified guard is locked by another task
	64	OPS0002	Output of S variables has been aborted
	130	OPS0001	It was not possible to output the S variables
	32	CMD2009	System error during output of S variables

Example

Two access conditions have been entered in guard GUARDEXA under user ID SECOS1:

/add-access-conditions guardexa,subjects=*user(secos1),admission=*yes

/add-access-conditions guardexa,subjects=*user(user1),admission=*no

Different outputs are obtained depending on the user ID under which the /SHOW-ACCESS-ADMISSION command is called:

Under user ID SECOS1

/show-access-admission guardexa
:N:$SECOS1.GUARDEXA

User ALWAYS has access admission

--------------------------------------------------------------------------

End of display

Under user ID USER1
/show-access-admission $secos1.guardexa
PRO1030 NO USER ACCESS TO OBJECT PROTECTED BY THIS GUARD

In contrast, the /SHOW-ACCESS-CONDITIONS command supplies the following outputs:

Under user ID SECOS1

/show-access-conditions guardexa
:N:$SECOS1.GUARDEXA

User SECOS1 has ADMISSION

User USER1 has NO ADMISSION
--------------------------------------------------------------------------

Guards selected: 1 End of display

Under user ID USER1
/show-access-conditions $secos1.guardexa
PRO1024 NO AUTHORIZATION FOR GUARD ':2OSG:$QM212.GUARDEXA'. FUNCTION NOT
PROCESSED

The format of the output is not guaranteed.

For further details, see the SHOW-ACCESS-CONDITIONS command.

Output in S variables

Output information	Name of the S variable	T	Contents	Condition
Name of the guard whose access conditions are to be displayed	var(*LIST).GUARD-NAME	S	’’ <filename 1..40>
Subject type USER: conditions applying specifically to one user
Access permission for the user NO: no access PAR: access restricted by certain parameters *YES: access permitted	var(*LIST).USER.ADMIS	S	’’ NO PAR *YES
Calendar date as of which access to the object protected by the guard begins	var(LIST).USER.DATE(LIST).FROM	S	’’ <yyyy-mm-dd>
Calendar date on which access to the object protected by the guard ends	var(LIST).USER.DATE(LIST).TO	S	’’ <yyyy-mm-dd>
How is access via the calendar date controlled? ANY: access to the object is possible at any time EXCEPT: access is forbidden in the specified period *INTERVAL:access is allowed in the specified period	var(*LIST).USER.DATE-KIND	S	’’ ANY EXCEPT *INTERVAL
Privilege for this user	var(LIST).USER.PRIVIL(LIST)	S	’’ ACS-ADM CUST-PRIV-1 ... CUST-PRIV-8 FT-ADM FTAC-ADM GUA-ADM HARDWARE-MAINT HSMS-ADM NET-ADM OPER POSIX-ADM PRINT-SERVICE- ADM PROP-ADM SAT-F-EVALUATION SAT-F-MANAGE SEC-ADM STD-PROCESS SUBSYS-MANAGE SOFTWARE- MONITOR-ADM TAPE-ADM TSOS USER-ADM VIRT-MACHINE- ADM VM2000-ADM
How is access via privileges controlled? ANY: no particular privilege required for access EXCEPT: access forbidden with the specified privileges *INTERVAL: access permitted with the specified privileges	var(*LIST).USER.PRIVIL-KIND	S	’’ ANY EXCEPT *INTERVAL
Name of the program via which the object is accessed	var(LIST).USER.PROG(LIST).F	S	’’ <filename 1..54>
Name of the library element containing the module via which the object is accessed	var(LIST).USER.PROG(LIST).MODULE. ELEM	S	’’ <comp.-name 1..32>
Name of the library containing the module via which the object is accessed	var(LIST).USER.PROG(LIST).MODULE.LIB	S	’’ <filename 1..54>
Does the library element containing the module have to be a particular version? *ANY : no particular version	var(LIST).USER.PROG(LIST).MODULE. VERSION	S	’’ *ANY <comp.-name 1..24>
Name of the library element containing the phase via which the object is accessed	var(LIST).USER.PROG(LIST).PHASE. ELEM	S	’’ <comp.-name 1..64>
Name of the library containing the phase via which the object is accessed	var(LIST).USER.PROG(LIST).PHASE.LIB	S	’’ <filename 1..54>
Does the library element containing the phase have to be a particular version? *ANY : no particular version	var(LIST).USER.PROG(LIST).PHASE. VERSION	S	’’ *ANY <comp.-name 1..24>
What values are assigned to the elements of the list variable var(LIST).USER.PROG(LIST) ? ANY: elements of the list variable are assigned the default value ’’ LIST: elements of the list variable are assigned current values	var(*LIST).USER.PROG-CONTR	S	’’ ANY LIST
Time as of which access to the object protected by the guard begins	var(LIST).USER.TIME(LIST).FROM	S	’’ <hh:mm>
Time at which access to the object protected by the guard ends	var(LIST).USER.TIME(LIST).TO	S	’’ <hh:mm>
How is access via the time of day controlled? ANY: access to the object is possible at any time EXCEPT: access is forbidden during the specified period *INTERVAL: access is permitted during the specified period	var(*LIST).USER.TIME-KIND	S	’’ ANY EXCEPT *INTERVAL
Day of the week on which access to the object protected by the guard is allowed	var(LIST).USER.WEEKDAY(LIST)	S	’’ MONDAY TUESDAY WEDNESDAY THURSDAY FRIDAY SATURDAY *SUNDAY
How is access via the day of the week controlled? ANY: access is allowed on any day of the week EXCEPT: access is forbidden during the specified period *INTERVAL: access is permitted during the specified period	var(*LIST).USER.WEEKDAY-KIND	S	’’ ANY EXCEPT *INTERVAL
WHEN: additional determining conditions stored in the pseudo subject ALL-USERS
Access permission for the user NO: no access PAR: access restricted by certain parameters *YES: access permitted	var(*LIST).WHEN.ADMIS	S	’’ NO PAR *YES
Calendar date as of which access to the object protected by the guard begins	var(LIST).WHEN.DATE(LIST).FROM	S	’’ <yyyy-mm-dd>
Calendar date on which access to the object protected by the guard ends	var(LIST).WHEN.DATE(LIST).TO	S	’’ <yyyy-mm-dd>
How is access via the calendar date controlled? ANY: access to the object is possible at any time EXCEPT: access is forbidden during the specified period *INTERVAL: access is permitted during the specified period	var(*LIST).WHEN.DATE-KIND	S	’’ ANY EXCEPT *INTERVAL
Privilege	var(LIST).WHEN.PRIVIL(LIST)	S	’’ ACS-ADM CUST-PRIV-1 ... CUST-PRIV-8 FT-ADM FTAC-ADM GUA-ADM HARDWARE-MAINT HSMS-ADM NET-ADM OPER POSIX-ADM PRINT-SERVICE- ADM PROP-ADM SAT-F-EVALUATION SAT-F-MANAGE SEC-ADM STD-PROCESS SUBSYS-MANAGE SOFTWARE- MONITOR-ADM TAPE-ADM TSOS USER-ADM VIRT-MACHINE- ADM VM2000-ADM
How is access via privileges controlled? ANY: no particular privilege required for access EXCEPT: access forbidden with the specified privileges *INTERVAL: access permitted with the specified privileges	var(*LIST).WHEN.PRIVIL-KIND	S	’’ ANY EXCEPT *INTERVAL
Name of the program via which the object is accessed	var(LIST).WHEN.PROG(LIST).F	S	’’ <filename 1..54>
Name of the library element containing the module via which the object is accessed	var(LIST).WHEN.PROG(LIST).MODULE. ELEM	S	’’ <comp.-name 1..32>
Name of the library containing the module via which the object is accessed	var(LIST).WHEN.PROG(LIST).MODULE. LIB	S	’’ <filename 1..54>
Does the library element containing the module have to be a particular version? *ANY : no particular version	var(LIST).WHEN.PROG(LIST).MODULE. VERSION	S	’’ *ANY <comp.-name 1..24>
Name of the library element containing the phase via which the object is accessed	var(LIST).WHEN.PROG(LIST).PHASE. ELEM	S	’’ comp.-name 1..64>
Name of the library containing the phase via which the object is accessed	var(LIST).WHEN.PROG(LIST).PHASE.LIB	S	’’ <filename 1..54>
Does the library element containing the phase have to be a particular version? *ANY: no particular version	var(LIST).WHEN.PROG(LIST).PHASE. VERSION	S	’’ *ANY <comp.-name 1..24>
What values are assigned to the elements of the list variable var(LIST).WHEN.PROG (LIST)? ANY: elements of the list variable are assigned the default value ’’ LIST: elements of the list variable are assigned current values	var(*LIST).WHEN.PROG-CONTR	S	’’ ANY LIST
Time as of which access to the object protected by the guard begins	var(LIST).WHEN.TIME(LIST).FROM	S	’’ <hh:mm>
Time at which access to the object protected by the guard ends	var(LIST).WHEN.TIME(LIST).TO	S	’’ <hh:mm>
How is access via the time of day controlled? ANY: access to the object is possible at any time EXCEPT: access is forbidden during the specified period *INTERVAL: access is permitted during the specified period	var(*LIST).WHEN.TIME-KIND	S	’’ ANY EXCEPT *INTERVAL
Day of the week on which access to the object protected by the guard is allowed	var(LIST).WHEN.WEEKDAY(LIST)	S	’’ MONDAY TUESDAY WEDNESDAY THURSDAY FRIDAY SATURDAY *SUNDAY
How is access via the day of the week controlled? ANY: access is permitted on any day of the week EXCEPT: access is forbidden during the specified period *INTERVAL: access is permitted during the specified period	var(*LIST).WHEN.WEEKDAY-KIND	S	’’ ANY EXCEPT *INTERVAL

Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly

SHOW-ACCESS-ADMISSION Display access conditions

Example

Output in S variables