|
AR/AW/AX Amend access rights (Basic Access Control List)
The Action Codes described below for amending the Basic Access Control Lists can be used equally well for Job variables and PLAM library elements. The userid under which a PLAM library is cataloged is regarded as the User (Owner).
BACL's are available as from BS2000 V10. LMS Version 2.0 or greater is necessary for PLAM libraries.
Refer also to the SP Action Code on page 6- regarding standard protection attributes.
This Action Code will result in the User Option BACL[F] being set when making a file list selection.
The BACL attributes displayed in the file list entries may be overwritten, and hence can be modified directly. To prohibit access by a particular user domain, a '-' character should be entered at the respective position, To allow access, the access or domain abbreviation (RWX or UGO) should be entered.
Allow Write/Read/Execute privileges for a particular group of userids.
x Domains for which the specified access rights should be granted.
U User. The owner (userid under which the file is cataloged) has access to the file.
G Group. A fixed group of userids (User Group) have access to the file.
O Others. All userids, other than the owner and the User Group have access to the file.
N None. Neither User, nor Group, nor Others (i.e. nobody) has access to the file. However, the owner of the file (User) can amend this setting at any time.
Any combination of the letters U, G, O may be specified for x. For example, the Action Code AXUGO grants Execute access rights for the file to the users under User, Group and Others (i.e. everybody).
AWNx | ARNx | AXNx
Prohibit Write/Read/Execute access rights to a particular group of users.
x Domains for which the specified access should be prohibited. For a description, see above. Any combination of the letters U, G, O can be specified for x. For example, the Action Code AWNGO entered for a file will prevent the file from being amended by users from the Group and all other userid's (Others).
AA[x] Access All.
x U | G | O:
All access types (i.e. Read/Write/Exec) are permitted for the specified domains. Any combination of the letters U, G, O can be specified for x. For example, the Action Code AAUGO will allow unrestricted access to the file by all users.
x W | R | X:
All domains (i.e. User/Group/Others) are permitted the specified type of access to the file. Any combination of the letters W, R, X can be specified for x.
Entering the Action Code AA without an x parameter will grant unrestricted access to the file to all domains.
ANx Access No.
x U | G | O:
All access types (i.e. Read/Write/Exec) will be prohibited for the specified domains. The owner (User) of the file may change this setting again at any time. Any combination of the letters U, G, O may be specified for x.
x W | R | X:
The specified access type will be prohibited for all domains (i.e. User/Group/Others). Any combination of the letters W, R, X can be specified for x.
AN No Basic Access Control List. The BACL checks are not made when accessing the file. A Standard Basic Access Control List can be reactivated, for example, by entering the AS Action Code.
AS Access Rights = Standard. A standard set of BACL attributes are applied to a file that is not yet protected by any set. The standard attributes are dependent on the previous Share= and Access= values.
Notes:
If a Basic Access Control List or a password (see below) is defined or amended for a PLAM library element using an Action Code A.., then the following checks are carried out by CFS on the library at file level: Is the file cataloged as SHARE=YES? If Yes: Is a Basic Access Control List (BACL) or a Full Access Control List (FACL) already defined for the file? If No: A BACL is generated and set to OWNER/GROUP/OTHERS=READ/ WRITE/EXEC. This ensures that the file cannot be copied to a foreign userid.
For further information regarding BACL, see page 4-.