This function is used to enter protection attribute default values in an attribute guard. If the attribute guard does not yet exist, it is implicitly created and assigned the guard type DEFPATTR. The SCOPE in the guard’s administrative part is set to *USER-ID.
If the attribute guard already exists because it has been created with /CREATE-GUARD or the macro CREGUA, the SCOPE remains unchanged.
The function can only be used for an existing or empty attribute guard. Otherwise it is rejected. The function MOD ATTR must be used to modify attributes in an attribute guard.
Users can only create attribute guards for their own user IDs. Guard administrators can create attribute guards under other user IDs.
In general, the specified protection attribute values apply to the two attribute areas *CREATE-OBJECT and *MODIFY-OBJECT-ATTR. The following departures from this rule should be considered:
ACCESS
The specified value is only entered in the *MODIFY-OBJECT-ATTR attribute area. The corresponding value in the *CREATE-OBJECT area is set to *SYSSTD. This prevents the attribute ACCESS=READ being assigned to a newly created object by default before it has been possible to supply the object with data. However, if the user explicitly wants the system to behave in this way, he or she must explicitly modify the attribute value using the /MODIFY-DEFAULT-PROTECTION-ATTR command.
EXPIRATION-DATE
Since the protection attribute is not effective for newly created objects, the specified value is only entered in the attribute area *MODIFY-OBJECT-ATTR. The value is set to *SYSSTD in the *CREATE-OBJECT area.
FREE-FOR-DELETION
The specified value is only entered in the *MODIFY-OBJECT-ATTR attribute area. The corresponding value in the *CREATE-OBJECT area is set to *SYSSTD. This is intended to prevent the default value for FREE-FOR-DELETION from bypassing a password control set up by an existing application for the new file which it creates.
Meaning of the operand value *SYSSTD
The value *SYSSTD represents an attribute value which has been prespecified for a higher instance in the hierarchy.
This higher instance in the hierarchy is:
the pubset-global rule container, if the attribute guard is evaluated on the basis of a user-specific rule container
the usual system default, if the attribute guard is evaluated on the basis of a pubset-global rule container or if there is no pubset-global rule container.
The table below indicates how the specified values are assigned to the two attribute areas:
Attribute | Attribute area *CREATE-OBJECT | Attribute area *MOD-OBJECT-ATTR |
ACCESS | *SYSTEM-STD | specified value |
USER-ACCESS | specified value | specified value |
BASIC-ACL | specified value | specified value |
GUARDS | specified value | specified value |
WRITE-PASSWORD | specified value | specified value |
READ-PASSWORD | specified value | specified value |
EXEC-PASSWORD | specified value | specified value |
DESTROY-BY-DELETE | specified value | specified value |
SPACE-RELEASE-LOCK | specified value | specified value |
EXPIRATION-DATE | *SYSTEM-STD | specified value |
FREE-FOR-DELETION | *SYSTEM-STD | specified value |
Note
The attribute area *MOD-OBJECT-ATTR is only relevant for files since the object management for job variables (JVS) does not support default protection when JV attributes are modified.
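The assignment table and the *SYSSTD hierarchy above can be modelled in a few lines to check which default a newly created or a modified object actually receives. This is an added illustration, not code from the manual or from BS2000: the function names are hypothetical, the pubset-global level is represented by a single guard, omitted attributes are assumed to be *SYSSTD, and the system default values are constructed placeholders because the page does not list them.

```python
SYSSTD = "*SYSSTD"
CREATE, MODIFY = "*CREATE-OBJECT", "*MODIFY-OBJECT-ATTR"
ATTRIBUTES = (
    "ACCESS", "USER-ACCESS", "BASIC-ACL", "GUARDS", "WRITE-PASSWORD",
    "READ-PASSWORD", "EXEC-PASSWORD", "DESTROY-BY-DELETE",
    "SPACE-RELEASE-LOCK", "EXPIRATION-DATE", "FREE-FOR-DELETION",
)
# Per the table: these are entered only in *MODIFY-OBJECT-ATTR.
MODIFY_ONLY = frozenset({"ACCESS", "EXPIRATION-DATE", "FREE-FOR-DELETION"})
# Constructed placeholders; the real system defaults are not given on this page.
SYSTEM_DEFAULT = {name: f"<system default {name}>" for name in ATTRIBUTES}


def add_attr(specified):
    """Distribute specified values over the two attribute areas."""
    unknown = set(specified) - set(ATTRIBUTES)
    if unknown:
        raise ValueError(f"unknown attribute(s): {sorted(unknown)}")
    guard = {CREATE: {}, MODIFY: {}}
    for name in ATTRIBUTES:
        value = specified.get(name, SYSSTD)  # assumption: omitted means *SYSSTD
        guard[MODIFY][name] = value
        guard[CREATE][name] = SYSSTD if name in MODIFY_ONLY else value
    return guard


def resolve(area, name, user_guard, pubset_guard=None):
    """Follow *SYSSTD from the user-specific guard to the pubset-global
    guard (if any) and finally to the system default."""
    for guard in (user_guard, pubset_guard):
        if guard is not None and guard[area][name] != SYSSTD:
            return guard[area][name]
    return SYSTEM_DEFAULT[name]


def effective(area, user_guard, pubset_guard=None):
    """Resolved value of every attribute for one attribute area."""
    return {n: resolve(area, n, user_guard, pubset_guard) for n in ATTRIBUTES}


# Constructed sample guards.
USER = add_attr({"ACCESS": "*READ", "USER-ACCESS": "*OWNER"})
PUBSET = add_attr({"ACCESS": "*WRITE", "DESTROY-BY-DELETE": "*YES"})

if __name__ == "__main__":
    for area in (CREATE, MODIFY):
        print(area, effective(area, USER, PUBSET))
```

In the sample, ACCESS=*READ takes effect only when attributes are modified; at creation both guards hold *SYSSTD for ACCESS, so the system default applies.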
Macro | Operands |
ADDATTR | MF = C / D / L / M / E |
 | ,PREFIX = D / <name 1> |
 | ,MACID = EFJ / <name 3> |
 | ,PARAM = <name 1..8> |
 | ,ERRMSG = *NO / *YES / <var: bit:1> |
 | ,ATTRGUA = ’ ’ / <c-string 1..24: filename 1..24 without-gen-vers> / <var: char:24> / |
 | ,ACCESS = *SYSSTD / *READ / *WRITE / <var: enum-of _access_s:1> |
 | ,SHARE = *SYSSTD / *OWNER / *ALL / *SPECIAL / <var: enum-of _user_access_s:1> |
 | ,DESTROY = *SYSSTD / *NO / *YES / <var: enum-of _destroy_s:1> |
 | ,SPRLOCK = *SYSSTD / *NO / *YES / <var: enum-of _relspace_lock_s:1> |
 | ,DELDATE = structure(3): |
 | (1) valtype: *SYSSTD / *NONE / *DATEABS / *DATEREL / <var: enum-of _free_for_deletion_s:1> |
 | (2) dateabs: ’ ’ / <c-string 8..10> / <var: char:10> |
 | ,EXDATE = structure(3): |
 | (1) valtype: *SYSSTD / *TODAY / *TOMORROW / *DATEABS / *DATEREL / <var: enum-of _expiration_date_s:1> |
 | (2) dateabs: ’ ’ / <c-string 8..10> / <var: char:10> |
 | ,WRPASS = structure(2): |
 | (1) valtype: *SYSSTD / *NONE / *VALCODE / <var: enum-of _write_pwd_s:1> |
 | (2) code: 0 / <integer -2147483648..2147483647> / <var: int:4> |
 | ,RDPASS = structure(2): |
 | (1) valtype: *SYSSTD / *NONE / *VALCODE / <var: enum-of _read_pwd_s:1> / |
 | (2) code: 0 / <integer -2147483648..2147483647> / <var: int:4> |
 | ,EXPASS = structure(2): |
 | (1) valtype: *SYSSTD / *NONE / *VALCODE / <var: enum-of _read_pwd_s:1> / |
 | (2) code: 0 / <integer -2147483648..2147483647> / <var: int:4> |
 | ,BASACL = structure(10): |
 | (1) valtype: *SYSSTD / *NONE / *BASVAL / <var: enum-of _basic_acl_s:1> |
 | ,GUARDS = structure(4): |
 | (1) valtype: *SYSSTD / *NONE / *GUAVAL / <var: enum-of _guards_s:1> |
For a description of the parameters MF, PREFIX, MACID, PARAM, see the “Executive Macros” manual [16].
ERRMSG
Message output
The user can specify whether any errors which occur should be reported in a message.
=*NO
No messages are output.
=*YES
Messages are output.
ATTRGUA
Name of the attribute guard
This operand designates the name of a guard of type DEFPATTR in which the default values for protection attributes are specified. If the guard does not yet exist it is created.
A value must be specified for this operand. Only uppercase characters may be used!
ACCESS
Access type
Specifies the type of access which is permitted to the object.
=*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
=*READ
Only read and execute object accesses are permitted.
The specified value is only entered in the *MODIFY-OBJECT-ATTR attribute area. The corresponding value in the *CREATE-OBJECT area is set to *SYSTEM-STD. This prevents write protection being assigned to a newly created object by default before it has been possible to supply the object with data. However, if the user explicitly wants the system to behave in this way, he or she must explicitly modify the attribute value using the MODATTR function.
=*WRITE
Read, write and execute accesses are permitted.
The specified value is only entered in the *MODIFY-OBJECT-ATTR attribute area. The corresponding value in the *CREATE-OBJECT area is always set to the default value *SYSSTD.
SHARE
Shareability
Specifies whether other user IDs can access the object.
=*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
=*OWNER
Access to the object is only possible under the user’s own user ID as well as under all catalog IDs under which the user ID (of the same name) has been set up (i.e. not only under the catalog ID under which the object was created). Co-owners can also access the object.
=*ALL
Access to the object is also possible under other user IDs.
=*SPECIAL
The object is accessible to all user IDs including IDs with the privilege HARDWARE-MAINTENANCE. Accesses on the part of maintenance IDs are generally only possible if USER-ACCESS=*SPECIAL applies.
DESTROY
Deletion of all data which is no longer required (only for files)
To enhance data protection, users can specify in the catalog entry that data which is no longer required should be overwritten with X’00’ (binary zero).
In the case of disk files, this has an effect on delete operations and storage space release operations (see the /MODIFY-FILE-ATTRIBUTES and /DELETE-FILE commands).
In the case of tape files, this has an effect on the overwriting of residual files during EOF and EOV processing (see the DESTROY-OLD-CONTENTS operand in the /ADD-FILE-LINK command).
=*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
=*YES
This setting also applies if a different definition is made in the OPTION operand of the /DELETE-FILE command.
In the case of disk files, released storage space is automatically overwritten with binary zero (X’00’).
In the case of tape files, the tape contents after the end of the file are overwritten with binary zero (X’00’). It is not necessary to specify the deletion of the residual files for the current processing run in the /ADD-FILE-LINK command.
=*NO
If this setting is made then the definition in the /DELETE-FILE command applies (OPTION operand).
In the case of disk files, storage space is released unchanged unless the operand OPTION=DESTROY-ALL is specified in the /DELETE-FILE command.
In the case of tape files, the residual files which follow on the tape are not overwritten if DESTROY-OLD-CONTENTS=*YES is not specified for the current processing run in the /ADD-FILE-LINK command.
SPRLOCK
Release of storage space (only for files)
Specifies whether the release of storage space with the /MODIFY-FILE-ATTRIBUTES command or FILE macro should be ignored.
=*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
=*NO
Storage space can be released.
=*YES
Storage space cannot be released.
DELDATE
Release date
Specifies when the object can be deleted irrespective of its protection attributes.
valtype:
Specification type
Indicates how the attribute value is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
*NONE
The object can only be deleted if this is permitted by the protection attributes.
*DATEABS
Absolute date, specified in string form, as of which the object may be deleted irrespective of its protection attributes.
*DATEREL
Relative date, specified in integer form, as of which the object may be deleted irrespective of its protection attributes.
dateabs:
Date
The retention period can be specified in the form of an absolute date. The object may be deleted as of the specified date irrespective of the protection attributes.
daterel:
Number of days
The retention period can be specified in the form of a relative date. The object can be deleted irrespective of the protection attributes after the specified number of days.
EXDATE
Retention period (only for files)
The file cannot be modified or deleted before the specified date. An expiration date can only be specified if the file has already been opened, i.e. if it possesses a CREATION-DATE. Since the protection attribute is not effective when a file is created, the specified value is only entered in the attribute area *MODIFY-OBJECT-ATTR. The value is set to *SYSSTD in the *CREATE-OBJECT area.
valtype:
Specification type
Indicates how the attribute value is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
*TODAY
No expiration date is set, or an existing expiration date is deactivated, by setting the current date.
*TOMORROW
The next day’s date is specified as the expiration date.
*DATEABS
Absolute date specification in string form.
*DATEREL
Relative date specification in string form.
dateabs:
Date
The expiration date is specified in the form of an absolute date. The object is protected up until the specified date (exclusive).
daterel:
Number of days
The expiration date is specified in the form of a relative date. The file remains protected for the specified number of days.
WRPASS
Write password
Password for protection against unauthorized write access.
valtype:
Specification type
Indicates how the attribute value is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
*NONE
No write password is assigned.
*VALCODE
A write password is specified.
code:
Password
Specification of password in numeric form.
RDPASS
Read password
Password for protection against unauthorized read accesses.
valtype:
Specification type
Indicates how the attribute value is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
*NONE
No read password is assigned.
*VALCODE
A read password is specified.
code:
Password
Specification of password in numeric form.
EXPASS
Execute password
Password for protection against unauthorized execute access.
valtype:
Specification type
Indicates how the attribute value is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
*NONE
No execute password is assigned.
*VALCODE
An execute password is specified.
code:
Password
Specification of password in numeric form.
BASACL
BASIC-ACL protection
Activates access control via BASIC-ACL.
valtype:
Indicator
The indicator shows how BACL protection is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
*NONE
No BASIC-ACL protection is used.
*BASVAL
BASIC-ACL protection is used.
ownerr:
Read authorization for owner.
*NO
Owner has no read authorization.
*YES
Owner has read authorization.
ownerw:
Write authorization for owner
*NO
Owner has no write authorization.
*YES
Owner has write authorization.
ownerx:
Execute authorization for owner
*NO
Owner has no execute authorization.
*YES
Owner has execute authorization.
groupr:
Read authorization for group members.
*NO
Group members have no read authorization.
*YES
Group members have read authorization.
groupw:
Write authorization for group members.
*NO
Group members have no write authorization.
*YES
Group members have write authorization.
groupx:
Execute authorization for group members.
*NO
Group members have no execute authorization.
*YES
Group members have execute authorization.
otherr:
Read authorization for all others.
*NO
All others have no read authorization.
*YES
All others have read authorization.
otherw:
Write authorization for all others.
*NO
All others have no write authorization.
*YES
All others have write authorization.
otherx:
Execute authorization for all others.
*NO
All others have no execute authorization.
*YES
All others have execute authorization.
GUARDS
Guards protection
Activates access control via GUARDS.
valtype:
Indicator
The indicator shows how GUARDS protection is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
*NONE
No GUARDS protection is used.
*GUAVAL
GUARDS protection is used.
readgua:
Read guard
Name of the guard for read control.
writgua:
Write guard
Name of the guard for write control.
execgua:
Execute guard
Name of the guard for execute control.
Macro return codes
SC2 | SC1 | Maincode | Meaning |
X’00’ | X’00’ | X’0000’ | class A: CMD0001 |
X’01’ | X’3100’ | class B: DEF3100 | |
X’00’ | Invalid parameter address | ||
X’00’ | X’20’ | X’3200’ | class C: DEF3200 |
X’00’ | X’40’ | X’3302’ | class D: DEF3302 |
X’00’ | X’40’ | X’3306’ | class D: DEF3306 |
X’00’ | X’40’ | X’3308’ | class D: DEF3308 |
X’00’ | X’40’ | X’3309’ | class D: DEF3309 |
X’00’ | X’40’ | X’3313’ | class D: DEF3313 |
X’00’ | X’40’ | X’3314’ | class D: DEF3314 |
X’00’ | X’40’ | X’3315’ | class D: DEF3315 |
X’00’ | X’40’ | X’3350’ | class D: DEF3350 |
X’00’ | X’80’ | X’3900’ | class E: DEF3900 |
X’00’ | X’80’ | X’3901’ | class E: DEF3901 |
X’00’ | X’80’ | X’3902’ | class E: DEF3902 |
The precise cause of the error can be determined by calling the /HELP-MSG command with the error number specified in the table, e.g. /HELP-MSG DEF3902.