Your Browser is not longer supported
Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...
{{viewport.spaceProperty.prod}}
Nonprivileged users can only use GUARDS-SAVE to save or restore their own guards or display them from a backup file. A guards administrator has rights that extend over the entire guards inventory in the system.
Guards that have the SCOPE=*HOST-SYSTEM attribute and can therefore be used throughout the system by all users are only processed by GUARDS-SAVE if the user is the owner of the guard or a guards administrator. This authorization restriction must be noted in particular if, for example, reference is made to guards (reference guards) in rule containers, whose owner differs from that of the rule container.
Example
The nonprivileged user PETER can save his guards $PETER.SYS.UCF and
$PETER.P-ACCESS but not the guard $MARY.M-ACCESS, although he can use it perfectly normally in his co-ownership rule. However, the guards administrator MARY can process all three guards.
/show-access-conditions $*.*
% Guard Name Scope Type Creation Date LastMod Date
%------------------------------------------------------------------------------
%:XXXX:$MARY.M-ACCESS SYS STDAC 2017-12-10/12:14:02 2017-12-10/12:16:10
%:XXXX:$PETER.P-ACCESS USR STDAC 2017-12-10/12:14:07 2017-12-10/12:17:18
%:XXXX:$PETER.SYS.UCF USR COOWNERP 2017-12-10/12:14:12 2017-12-10/12:17:43
%------------------------------------------------------------------------------
/show-coowner-protection-rule $*.*
%-----------------------------------------------------------------------------%RULE
CONTAINER :XXXX:$PETER.SYS.UCF COOWNER PROTECTION
%-----------------------------------------------------------------------------%RULE1
OBJECT = PETER.*
% CONDITIONS = $PETER.P-ACCESS
% TSOS-ACCESS = SYSTEM-STD
%RULE2 OBJECT = MARY.*
% CONDITIONS = $MARY.M-ACCESS
% TSOS-ACCESS = SYSTEM-STD
%------------------------------------------------------------------------------
|
