This function is used to modify the default values of protection attributes in an attribute guard.
Users can only modify attribute guards for their own user IDs. Guard administrators can modify attribute guards under other user IDs.
When the command is called, attributes are only ever modified in one of the two attribute areas *CREATE-OBJECT or *MODIFY-OBJECT-ATTR.
Meaning of the operand value *SYSSTD
The value *SYSSTD represents an attribute value which has been prespecified for a higher instance in the hierarchy.
This higher instance in the hierarchy is
the pubset-global rule container,if the attribute guard is evaluated on the basis of a user-specific rule container
the usual system default,if the attribute guard is evaluated on the basis of a pubset-global rule container or if there is no pubset-global rule container.
Macro | Operanden |
MODATTR | MF = C / D / L / M / E ,PREFIX = D / <name 1> ,MACID = EFK / <name 3> ,PARAM = <name 1..8> ,DIALOG = *STD / *NO / *ATTRGUA / *USERID / *CATALOG / <var: enum-of _dialog_s:1> ,ERRMSG = *NO / *YES / <var: bit:1> ,ATTRGUA = ’ ’/ <c-string 1..40: filename 1..24 without-gen-vers with-wild(40)> / <var: char:40> ,ATTRSCP = *CRE / *MOD / <var: enum-of _attr_scope_s:1> ,ACCESS = *SYSSTD / *READ / *WRITE / <var: enum-of _access_s:1> ,SHARE = *SYSSTD / *OWNER / *ALL / *SPECIAL / <var: enum-of _user_access_s:1> ,DESTROY = *SYSSTD / *NO / *YES / <var: enum-of _destroy_s:1> ,SPRLOCK = *SYSSTD / *NO / *YES / <var: enum-of _relspace_lock_s:1> ,DELDATE = structure(3): (1) valtype: *SYSSTD / *NONE / *DATEABS / *DATEREL / <var: enum-of _free_for_deletion_s:1> (2) dateabs: ’ ’ / <c-string 8..10> / <var: char:10> ,EXDATE = structure(3): (1) valtype: *SYSSTD / *TODAY / *TOMORROW / *DATEABS / *DATEREL / <var: enum-of _expiration_date_s:1> (2) dateabs: ’ ’ / <c-string 8..10> / <var: char:10> |
MODATTR | ,WRPASS= structure(2): (1) valtype: *SYSSTD / *NONE / *VALCODE / <var: enum-of _write_pwd_s:1> (2) code: 0 / <integer -2147483648..2147483647> / <var: int:4> ,RDPASS= structure(2): (1) valtype: *SYSSTD / *NONE / *VALCODE / <var: enum-of _read_pwd_s:1> / default: _read_pwd_s.system_std (2) code: 0 / <integer -2147483648..2147483647> / <var: int:4> ,EXPASS = structure(2): (1) valtype: *SYSSTD / *NONE / *VALCODE / <var: enum-of _exec_pwd_s:1> (2) code: 0 / <integer -2147483648..2147483647> / <var: int:4> ,BASACL = structure(10): (1) valtype: *SYSSTD / *NONE / *BASVAL / <var: enum-of_basic_acl_s:1> ,GUARDS = structure(4): (1) valtype: *SYSSTD / *NONE / *GUAVAL / <var: enum-of_guards_s:1> |
For a description of the parameters MF, PREFIX, MACID, PARAM see the “Executive Macros” manual [ 16 ].
DIALOG
Dialog control
The user can use the interface in a guided dialog and can define the type of dialog that is to be performed. Dialog control has no effect in batch mode and thus corresponds to the setting DIALOG-CONTROL=*NO.
=*NO
The function is executed for every selected attribute guard without any query being issued.
=*ATTRGUA
For each selected attribute guard, the user can decide in interactive mode whether or not the function should be executed. Dialog control is performed is performed regardless of whether or not the name of the attribute guard is specified using wildcards.
It is possible to abort the function.
=*USERID
This guided dialog can only be used by system administrators.
For each selected user ID, the guard administrator can decide in interactive mode whether or not the function should be executed. However, dialog control is only performed if the user ID in the name of the attribute guard is specified using wildcards.
It is possible to abort the function.
=*CATALOG
For each selected catalog ID, the user can decide in interactive mode whether or not the function should be executed. However, dialog control is only performed if the catalog ID in the name of the attribute guard is specified using wildcards.
It is possible to abort the function.
=*STD
For each selected attribute guard, the user can decide in interactive mode whether or not the function should be executed. However, dialog control is only performed if the name of the attribute guard is specified using wildcards.
It is possible to abort the command.
ERRMSG
Message output
The user can specify whether any errors which occur should be reported in a message. This may required, for example, if an attribute guard is not available and processing continues with the next attribute guard.
=*NO
No messages are output.
=*YES
Messages are output.
ATTRGUA
Name of the attribute guard
This operand designates the name of an attribute guard of type DEFPATTR in which the default values for protection attributes are to be modified.
A value must be specified for this operand. Only uppercase characters may be used!
ATTRSCP
Attribute area
Specifies whether the specified attributes are to be used as the default attributes when a new object is created or when an existing object is modified.
*CRE
The specified attributes are used as the default values when a new object is created.
*MOD
The specified attributes are used as the default values when an existing object is modified.
ACCESS
Access type
Specifies the type of access which is permitted to the object.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
=*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
=*READ
Only read object accesses are permitted.
The specified value is only entered in the *MODIFY-OBJECT-ATTR attribute area. The corresponding value in the *CREATE-OBJECT area is set to *SYSTEM-STD. This prevents write protection being assigned to a newly created object by default before it has been possible to supply the object with data. However, if the user explicitly wants the system to behave in this way, he or she must explicitly modify the attribute value using the MODATTR function.
=*WRITE
Read, write and execute object accesses are permitted.
The specified value is only entered in the *MODIFY-OBJECT-ATTR attribute area. The corresponding value in the *CREATE-OBJECT area is always set to the default *SYSSTD.
SHARE
Shareability
Specifies whether other user IDs can access the object.
If this operand is not specified then the previous value remains unchanged in the attribute guard’s attribute area.
=*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
=*OWNER
Access to the object is only possible under the user’s own user ID as well as under all catalog IDs under which the user ID (of the same name) has been set up (i.e. not only under the catalog ID under which the object was created). Co-owners can also access the object.
=*ALL
Access to the object is also possible under other user IDs.
=*SPECIAL
The object is accessible to all user IDs including IDs with the privilege HARDWARE-MAINTENANCE. Accesses on the part of maintenance IDs are generally only possible if USER-ACCESS=*SPECIAL.
DESTROY
Deletion of all data which is no longer required (only for files)
To enhance data protection, users can specify in the catalog entry that data which is no longer required should be overwritten with X’00’ (binary zero).
In the case of disk files, this has an effect on delete operations and storage space release operations (see the commands /MODIFY-FILE-ATTRIBUTES and /DELETE-FILE).
In the case of tape files, this has an effect on the overwriting of residual files during EOF and EOV processing (see the DESTROY-OLD-CONTENTS operand in the /ADD-FILE-LINK command).
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
=*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
=*YES
This setting also applies if a different definition is made in the OPTION operand of the /DELETE-FILE command.
In the case of disk files, released storage space is automatically overwritten with binary zero (X’00’).
In the case of tape files, the tape contents after the end of the file are overwritten with binary zero (X’00’). It is not necessary to specify the deletion of the residual files for the current processing run in the /ADD-FILE-LINK command.
=*NO
If this setting is made, the definition in the /DELETE-FILE command applies (OPTION operand).
In the case of disk files, storage space is released unchanged unless the operand OPTION=DESTROY-ALL is specified in the /DELETE-FILE command.
In the case of tape files, the residual files which follow on the tape are not overwritten if DESTROY-OLD-CONTENTS=*YES is not specified for the current processing run in the /ADD-FILE-LINK command.
SPRLOCK
Release of storage space (only for files)
Specifies whether the release of storage space with the /MODIFY-FILE-ATTRIBUTES command or FILE macro should be ignored.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
=*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
=*NO
Storage space can be released.
=*YES
Storage space cannot be released.
DELDATE
Release date
Specifies when the object can be deleted irrespective of its protection attributes.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
valtype:
Specification type
Indicates how the attribute value is specified
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
*NONE
The object can only be deleted if this is permitted by the protection attributes.
*DATEABS
Absolute date specification in string form of date as of when the object may be deleted irrespective of its protection attributes.
*DATEREL
Relative date specification in integer form of date as of when the object may be deleted irrespective of its protection attributes.
dateabs:
Date
The retention period can be specified in the form of an absolute date. The object may be deleted as of the specified date irrespective of the protection attributes.
daterel:
Number of days
The retention period can be specified in the form of a relative date. The object can be deleted irrespective of the protection attributes after the specified number of days.
EXDATE
Retention period (only for files)
The file cannot be modified or deleted before the specified date. An expiration date can only be specified if the file has already been opened, i.e. if it possesses a CREATION-DATE. Since the protection attribute is not effective when a file is created, the specified value is only entered in the attribute area *MODIFY-OBJECT-ATTR. The value is set to *SYSSTD in the *CREATE-OBJECT area
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
valtype:
Specification type
Indicates how the attribute value is specified
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
*TODAY
No expiration date is set or an existing expiration date is deactivated by setting the current day date.
*TOMORROW
The next day’s date is specified as the expiration date.
*DATEABS
Absolute date specification in string form
*DATEREL
Relative date specification in string form.
dateabs:
Date
The expiration date is specified in the form of an absolute date. The object is protected up until the specified date (exclusive).
daterel:
Number of days
The expiration date is specified in the form of a relative date. The file remains protected for the specified number of days.
WRPASS
Write password
Password for protection against unauthorized write access.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
valtype:
Specification type
Indicates how the attribute value is specified
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
*NONE
No write password is assigned.
*VALCODE
A write password is specified.
code:
Password
Specification of password in numeric form.
RDPASS
Read password
Password for protection against unauthorized read accesses.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
valtype:
Specification type
Indicates how the attribute value is specified
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD" ).
*NONE
No read password is assigned.
*VALCODE
A read password is specified.
code:
Password
Specification of password in numeric form.
EXPASS
Execute password
Password for protection against unauthorized execute access.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
valtype:
Specification type
Indicates how the attribute value is specified
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
*NONE
No execute password is assigned.
*VALCODE
An execute password is specified.
code:
Password
Specification of password in numeric form.
BASACL
BASIC-ACL protection
Activates access control via BASIC-ACL.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
valtype:
Indicator
The indicator shows how BASIC-ACL protection is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
*NONE
No BASIC-ACL protection is used.
*BASVAL
BASIC-ACL protection is used.
ownerr:
Read authorization for owner.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
Owner has no read authorization.
*YES
Owner has read authorization.
ownerw:
Write authorization for owner
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
Owner has no write authorization.
*YES
Owner has write authorization.
ownerx:
Execute authorization for owner
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
Owner has no execute authorization.
*YES
Owner has execute authorization.
groupr:
Read authorization for group members.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
Group members have no read authorization.
*YES
Group members have read authorization.
groupw:
Write authorization for group members.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
Group members have no write authorization.
*YES
Group members have write authorization.
groupx:
Execute authorization for group members.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
Group members have no execute authorization.
*YES
Group members have execute authorization.
otherr:
Read authorization for all others.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
All others have no read authorization.
*YES
All others have read authorization.
otherw:
Write authorization for all others.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
All others have no write authorization.
*YES
All others have write authorization.
otherx:
Execute authorization for all others.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
*NO
All others have no execute authorization.
*YES
All others have execute authorization.
GUARDS
Guards protection
Activates access control via GUARDS.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
valtype:
Indicator
The indicator shows how GUARDS protection is specified.
*SYSSTD
The attribute value is defined by the higher-ranking instance in the hierarchy (see "Meaning of the operand value *SYSSTD").
*NONE
No GUARDS protection is used.
*GUAVAL
GUARDS protection is used.
readgua:
Read guard
Name of the guard for read control.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
writgua:
Write guard
Name of the guard for write control.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
execgua:
Execute guard
Name of the guard for execute control.
If this operand is not specified, the previous value remains unchanged in the attribute guard’s attribute area.
Macro return codes
SC2 | SC1 | Maincode | Meaning |
X’00’ | X’00’ | X’0000’ | class A: CMD0001 |
X’02’ | X’00’ | X’3000’ | class A: DEF3000 |
X’02’ | X’00’ | X’3003’ | class A: DEF3003 |
X’01’ | X’3100’ | class B: DEF3100 | |
X’00’ | Invalid parameter address | ||
X’00’ | X’20’ | X’3200’ | class C: DEF3200 |
X’00’ | X’40’ | X’3302’ | class D: DEF3302 |
X’00’ | X’40’ | X’3306’ | class D: DEF3306 |
X’00’ | X’40’ | X’3308’ | class D: DEF3308 |
X’00’ | X’40’ | X’3309’ | class D: DEF3309 |
X’00’ | X’40’ | X’3313’ | class D: DEF3313 |
X’00’ | X’40’ | X’3314’ | class D: DEF3314 |
X’00’ | X’40’ | X’3315’ | class D: DEF3315 |
X’00’ | X’40’ | X’3351’ | class D: DEF3351 |
X’00’ | X’40’ | X’3352’ | class D: DEF3352 |
X’00’ | X’80’ | X’3900’ | class E: DEF3900 |
X’00’ | X’80’ | X’3901’ | class E: DEF3901 |
X’00’ | X’80’ | X’3902’ | class E: DEF3902 |
The precise cause of the error can be determined by calling the /HELP-MSG command with the error number specified in the table, e.g. /HELP-MSG DEF3902.