SECOS V5.6 (en)

Domain:	SECURITY-ADMINISTRATION
Privileges:	STD-PROCESSING, GUARD-ADMINISTRATION

With this command, users can display the default protection values which are defined for a specified object name together with the rules in which these default protection values are described. However, the default protection attributes are only displayed for the command caller’s own objects or for objects to which he or she has a corresponding co-owner authorization.

Default protection rules can be specified for both files and job variables and entered in a separate, active rule container for each of these object types. For this reason, the RULE-CONTAINER-TYPE operand is used to define whether information is required concerning the default protection attributes of files or job variables.

A complete attribute set is always displayed irrespective of whether or not individual attributes for job variables are applicable or not.

SHOW-OBJECT-PROTECTION-DEFAULT (SHO-OBJ-PRO-DEF)

OBJECT-NAME = <filename 1..54 without-gen>
,RULE-CONTAINER-TYPE = FILE / JV
,INFORMATION = ATTRIBUTE-VALUES / ATTRIBUTE-ORIGIN
,OUTPUT = SYSOUT / list-poss(2): SYSOUT / *SYSLST(...)
	*SYSLST(...)
		\|	SYSLST-NUMBER = *STD / <integer 1..99>

OBJECT-NAME =
Name of the object about whose default protection attributes the user wants information.

CAUTION!
The name must not contain wildcards.

RULE-CONTAINER-TYPE =
Type of active rule container which is to be searched for the default attribute definition.

RULE-CONTAINER-TYPE = *FILE
Active rule containers which contain rules for the default protection of files are searched (SYS.UDF[<n>]).

RULE-CONTAINER-TYPE = *JV
Active rule containers which contain rules for the default protection of job variables are searched (SYS.UDJ[<n>]).

INFORMATION =
Specifies the extent of the information to be output.

INFORMATION = *ATTRIBUTE-VALUES
The values of the default protection attributes determined from the corresponding rule containers and rules are displayed.

INFORMATION = *ATTRIBUTE-ORIGIN
In addition to the attribute values, the rule container names and rules in which the corresponding attribute value is defined are also displayed for each detected default protection attribute.

OUTPUT = list-poss(2):
This operand defines the destination of the output.

OUTPUT = *SYSOUT
Output is directed to the terminal if the command was issued in interactive mode. In batch mode, the output destination depends on the specifications in the job.

OUTPUT = *SYSLST(...)
Output is directed to the system file SYSLST.

SYSLST-NUMBER = *STD
Output is directed to the system file SYSLST.

SYSLST-NUMBER = <integer 1..99>
Two-digit number nn used to form the file name SYSLSTnn.

Output layout (attribute values)

Example

The co-owner LUCIFER wants information about the default protection attributes which would be assigned to a file named $GUABRIEL.PARADISE if he were to create such a file or modify the attributes with /MODIFY-FILE-ATTRIBUTES PROTECTION-ATTR=*BY-DEF-PROT-OR-STD.

The user enters the following command:

/show-object-protection-default object-name=:abcd:$guabriel.paradise -
/ information=*attribute-values

------------------------------------------------------------------------------

DEFAULTS FOR FILE :ABCD:$GUABRIEL.PARADISE
------------------------------------------------------------------------------

                   % SCOPE: CREATE-OBJECT        % SCOPE: MODIFY-OBJECT-ATTR
                   % --------------------------- % --------------------------
ACCESS             % *SYSTEM-STD                 % *READ
USER-ACCESS        % *SYSTEM-STD                 % *OWNER-ONLY
BASIC-ACL          % *SYSTEM-STD                 % *NONE
GUARDS             % *SYSTEM-STD                 % READ   = $GUABRIEL.REAGUARD
                   %                             % WRITE  = $GUABRIEL.WRIGUARD
                   %                             % EXEC   = $GUABRIEL.EXEGUARD
READ-PASSWORD      % *SYSTEM-STD                 % *YES
WRITE-PASSWORD     % *SYSTEM-STD                 % *SYSTEM-STD
EXEC-PASSWORD      % *SYSTEM-STD                 % *SYSTEM-STD
DESTROY-BY-DELETE  % *SYSTEM-STD                 % *YES
SPACE-RELEASE-LOCK % *SYSTEM-STD                 % *YES
EXPIRATION-DATE    % *SYSTEM-STD                 % *SYSTEM-STD
FREE-FOR-DELETION  % *SYSTEM-STD                 % *SYSTEM-STD
------------------------------------------------------------------------------

END OF DISPLAY

Output layout (attribute origin)

Example

The co-owner LUCIFER wants information about where the default protection attributes for a file named $GUABRIEL.PARADIES would be taken from if he were to create such a file or modify its attributes with /MODIFY-FILE-ATTRIBUTES PROTECTION-ATTR=*BY-DEF-PROT-OR-STD.

The user enters the following command:

/show-object-protection-default object-name=:abcd:$guabriel.paradise -
/ information=*attribute-origin

------------------------------------------------------------------------------

DEFAULT ORIGIN FOR FILE :ABCD:$GUABRIEL.PARADISE

------------------------------------------------------------------------------

ACCESS               SCOPE           % CREATE-OBJECT
                     VALUE           % *SYSTEM-STD
                     CONTAINER GUARD % $GUABRIEL.SYS.UDF         USR ACTIVE
                     RULE            % RULE00000001
                     USERID GUARD    %                           IGNORED
                     ATTRIBUTE GUARD % $GUABRIEL.MYATTRIB
------------------------------------------------------------------------------

ACCESS               SCOPE           % MODIFY-OBJECT-ATTR
                     VALUE           % *SYSTEM-STD
                     CONTAINER GUARD % $GUABRIEL.SYS.UDF         USR ACTIVE
                     RULE            % RULE00000001
                     USERID GUARD    %                           IGNORED
                     ATTRIBUTE GUARD % $GUABRIEL.MYATTRIB
------------------------------------------------------------------------------

USER-ACCESS*

BASIC-ACL*

GUARDS*

READ-PASSWORD*

WRITE-PASSWORD*

EXEC-PASSWORD*

DESTROY-BY-DELETE*

SPACE-RELEASE-LOCK*

EXPIRATION-DATE*

------------------------------------------------------------------------------

FREE-FOR-DELETION    SCOPE          : CREATE-OBJECT
                     VALUE           % *SYSTEM-STD
                     CONTAINER GUARD: $TSOS.SYS.PDF              PVS ACTIVE
                     RULE           : 2
                     USERID GUARD   :                            *ANY-USER-ID
                     ATTRIBUTE GUARD: $TSOS.SYSATTR
------------------------------------------------------------------------------

FREE-FOR-DELETION    SCOPE          : MODIFY-OBJECT-ATTR
                     VALUE           % *SYSTEM-STD
                     CONTAINER GUARD: $TSOS.SYS.PDF              PVS ACTIVE
                     RULE           : 2
                     USERID GUARD   :                            *ANY-USER-ID
                     ATTRIBUTE GUARD: $TSOS.SYSATTR
------------------------------------------------------------------------------

END OF DISPLAY

* For reasons of space, the output for these attributes is not presented here. The format of the output is the same as for the attributes ACCESS and FREE-FOR-DELETION

The format of the output is not guaranteed.

Command return codes

(SC2)	SC1	Maincode	Meaning
	0	CMD0001	Command successfully executed
	1	DEF3100	An incorrect operand value was detected.
	32	DEF3200	An internal error has occurred. A SERSLOG entry has been generated to permit detailed analysis.
	64	DEF3300	The specified rule container does not exist.
	64	DEF3302	The user is not authorized to execute the function.
	64	DEF3306	A specified guard is not of the required guard type.
	64	DEF3308	A user ID is unknown.
	64	DEF3309	Remote file access not supported.
	64	DEF3312	No default protection rule was found for a named object.
	64	DEF3313	A specified public volume set is not available.
	64	DEF3314	Error in MRS communications resources.
	64	DEF3315	A specified public volume set is not known in the local GUARDS administration.
	64	DEF3316	Default protection is not active since no active rule container was found.
	64	DEF3318	A guard with user IDs which are to be entered in a rule is not accessible.
	64	DEF3320	A specified attribute guard is not accessible.
	64	DEF3321	A required user-specific rule container is not accessible.
	64	DEF3322	A required pubset-specific rule container is not accessible.
	128	DEF3900	There is no longer sufficient system storage space available.
	128	DEF3901	A guard which has to be processed is currently locked by another task and cannot be processed at the present time.
	128	DEF3902	A guard is temporarily unavailable because the GUARDS catalog is being changed or a master change is taking place in the computer network.
	128	OPS0002	Output of S variables has been aborted
	130	OPS0001	It was not possible to output the S variables
	32	CMD2009	System error during output of S variables

Output in S variables

The command’s INFORMATION operand is used to determine which of the S variables are to be assigned values. The following specifications are possible for INFORMATION:

Notation in command	Abbreviated notation in table
INFORMATION = *ATTRIBUTE-VALUES	1
INFORMATION = *ATTRIBUTE-ORIGIN	2

Output information	Name of the S variable	T	Contents	Condition
Name of the object	VAR(*LIST).OBJECT-NAME	S	<filename 1..54>	1, 2
Type of active rule container	VAR(*LIST).RULE-CONTAIN-TYPE	S	FILE JV	1, 2
Attribute area	VAR(LIST).SCOPE(LIST).SCOPE	S	CREATE-OBJECT MODIFY-OBJECT- ATTR	1, 2
Access type	VAR(LIST).SCOPE(LIST).ATTR-ACCESS	S	SYSTEM-STD READ *WRITE	1, 2
Users who can access the object	VAR(LIST).SCOPE(LIST). ATTR-USER-ACCESS	S	SYSTEM-STD OWNER-ONLY ALL-USERS SPECIAL	1, 2
Protection by BASIC-ACL	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.ACTIVE	S	SYSTEM-STD NONE *BY-VALUE	1, 2
Read authorization for OWNER (BASIC-ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.OWNER.READ	S	YES NO ''	1, 2
Execute authorization for OWNER (BASIC-ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.OWNER.WRITE	S	YES NO ''	1, 2
Write authorization for OWNER (BASIC-ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.OWNER.EXEC	S	YES NO ''	1, 2
Read authorization for GROUP (BASIC-ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.GROUP.READ	S	YES NO ''	1, 2
Execute authorization for GROUP (BASIC-ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.GROUP.WRITE	S	YES NO ''	1, 2
Write authorization for GROUP (BASIC- ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.GROUP.EXEC	S	YES NO ''	1, 2
Read authorization for OTHERS (BASIC-ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.OTHERS.READ	S	YES NO ''	1, 2
Execute authorization for OTHERS (BASIC-ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.OTHERS.WRITE	S	YES NO ''	1, 2
Write authorization for OTHERS (BASIC-ACL)	VAR(LIST).SCOPE(LIST). ATTR-B-ACL.OTHERS.EXEC	S	YES NO ''	1, 2
Protection by GUARDS	VAR(LIST).SCOPE(LIST). ATTR-GUARDS.ACTIVE	S	SYSTEM-STD NONE *BY-VALUE	1, 2
Name of guard which controls read access	VAR(LIST).SCOPE(LIST). ATTR-GUARDS.READ	S	<guard-name> *NONE ''	1, 2
Name of guard which controls write access	VAR(LIST).SCOPE(LIST). ATTR-GUARDS.WRITE	S	<guard-name> *NONE ''	1, 2
Name of guard which controls execute access	VAR(LIST).SCOPE(LIST). ATTR-GUARDS.EXEC	S	<guard-name> *NONE ''	1, 2
Read password	VAR(LIST).SCOPE(LIST). ATTR-READ-PASS	S	SYSTEM-STD NONE *YES	1, 2
Write password	VAR(LIST).SCOPE(LIST). ATTR-WRITE-PASS	S	SYSTEM-STD NONE *YES	1, 2
Execute password	VAR(LIST).SCOPE(LIST). ATTR-EXEC-PASS	S	SYSTEM-STD NONE *YES	1, 2
Data destroyed on deletion	VAR(LIST).SCOPE(LIST). ATTR-DESTROY	S	SYSTEM-STD YES *NO	1, 2
Release of storage space	VAR(LIST).SCOPE(LIST). ATTR-SPACE-RELE-LOCK	S	SYSTEM-STD YES *NO	1, 2
Release date	VAR(LIST).SCOPE(LIST). ATTR-EXPIR-DATE	S I	SYSTEM-STD TODAY *TOMORROW <yyyy-mm-dd> <integer 1..99999>	1, 2
Date on which object was deleted	VAR(LIST).SCOPE(LIST). ATTR-DEL-DATE	S I	SYSTEM-STD NONE <yyyy-mm-dd> <integer 1..99999>	1, 2
Rule defining the access type	VAR(LIST).SCOPE(LIST).ORIG-ACCESS	Substructure (for structure, see the comment at the end of this table)		1
Rule defining the users who can access the object	VAR(LIST).SCOPE(LIST). ORIG-USER-ACCESS	Substructure (for structure, see the comment at the end of this table)		1
Rule defining protection via BASIC-ACL	VAR(LIST).SCOPE(LIST). ORIG-B-ACL	Substructure (for structure, see the comment at the end of this table)		1
Rule defining protection via GUARDS	VAR(LIST).SCOPE(LIST). ORIG-GUARDS	Substructure (for structure, see the comment at the end of this table)		1
Rule defining the read password	VAR(LIST).SCOPE(LIST). ORIG-READ-PASS	Substructure (for structure, see the comment at the end of this table)		1
Rule defining the write password	VAR(LIST).SCOPE(LIST). ORIG-WRITE-PASS	Substructure (for structure, see the comment at the end of this table)		1
Rule defining the execute password	VAR(LIST).SCOPE(LIST). ORIG-EXEC-PASS	Substructure (for structure, see the comment at the end of this table)		1
Rule defining whether data is destroyed on deletion	VAR(LIST).SCOPE(LIST). ORIG-DESTROY	Substructure (for structure, see the comment at the end of this table)		1
Rule defining whether storage space is locked	VAR(LIST).SCOPE(LIST). ORIG-SPACE-RELE-LOCK	Substructure (for structure, see the comment at the end of this table)		1
Rule defining the release date	VAR(LIST).SCOPE(LIST). ORIG-EXPIR-DATE	Substructure (for structure, see the comment at the end of this table)		1
Rule defining the deletion date of the object	VAR(LIST).SCOPE(LIST). ORIG-DEL-DATE	Substructure (for structure, see the comment at the end of this table)		1

Comment

The substructures ORIG-ACCESS, ORIG-USER-ACCESS, ORIG-B-ACL, ORIG-GUARDS, ORIG-READ-PASS, ORIG-WRITE-PASS, ORIG-EXEC-PASS, ORIG-DESTROY, ORIG-SPACE-RELE-LOCK, ORIG-EXPIR-DATE and ORIG-DEL-DATE consist of the following individual variables:

Output information	Name of the S variable	T	Contents	Condition
Rule container in which the value of the attribute is defined	VAR(LIST).SCOPE(LIST).ORIG-xxx. RULE-CONTAIN-GUARD	S	<filename 1..24>	1
Specification of whether it is a pubset-global or user-specific rule container	VAR(LIST).SCOPE(LIST).ORIG-xxx. RULE-CONTAIN-CONDITION	S	USR ACTIVE PVS ACTIVE	1
Name of the rule defining the value of the attribute	VAR(LIST).SCOPE(LIST).ORIG-xxx. RULE-NAME	S	<alphanumeric name 1..12>	1
Name of the attribute guard entered in the rule	VAR(LIST).SCOPE(LIST).ORIG-xxx. ATTRIBUTE-GUARD	S	<filename 1..24>	1
Name of the user ID guard entered in the rule	VAR(LIST).SCOPE(LIST).ORIG-xxx. USER-ID-GUARD	S	<filename 1..24>	1
Specification of whether a user ID guard is entered in the rule/whether the user ID guard is evaluated	VAR(LIST).SCOPE(LIST).ORIG-xxx. USER-ID-GUARD-IND	S	IGNORED *ANY-USER-ID ’’	1

Example:

The substructure VAR(*LIST).SCOPE(*LIST).ORIG-ACCESS consists of the following variables:

VAR(*LIST).SCOPE(*LIST).ORIG-ACCESS.RULE-CONTAIN-GUARD
VAR(*LIST).SCOPE(*LIST).ORIG-ACCESS.RULE-CONTAIN-CONDITION
VAR(*LIST).SCOPE(*LIST).ORIG-ACCESS.RULE-NAME
VAR(*LIST).SCOPE(*LIST).ORIG-ACCESS.ATTRIBUTE-GUARD
VAR(*LIST).SCOPE(*LIST).ORIG-ACCESS.USER-ID-GUARD and
VAR(*LIST).SCOPE(*LIST).ORIG-ACCESS.USER-ID-GUARD-IND

Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly

SHOW-OBJECT-PROTECTION-DEFAULT Display default protection attributes for objects

Output layout (attribute values)

Example

Output layout (attribute origin)

Example

Command return codes

Output in S variables

Output information

Comment

Output information

Example: