BACL Basic Access Control List for File/JV/PLAM Element

BACL Basic Access Control List for File/JV/PLAM Element

BACL[F] Basic Access Control List for files/Job variables/PLAM library elements.

This User Option displays if, and if so, in what form, an Access Control List has been defined for a file/Job variable/PLAM library element. More information about this can be found on page 6-. Using an Access Control List, more accurate control can be exercised over access to the respective data object than is possible with the global attributes Share=YES|NO, Access=WRITE|READ. The access can be restricted for writing (W), reading (R) or in the case of procedures and programs, executing (X). A list of userids may be created for each of the above access methods which will restrict access to everybody (-), the creator of the file (U), a defined user group (G), or all other users (O). Any combination of the above is possible.

Output format for the User Option: For each of the three access methods, REA, WRI, and EXE a three letter description of the access domains is displayed. UGO, for instance, would indicate that User, Group and Others all have access to the data object. U-- would indicate that only the owner (User), but not the Group or Others would have access to the data object. The first three letter combination represents read access (REA), the second for write access (WRI), and the right hand group for execute access (EXE). An example of the output format would be:

REA WRI EXE

UG- U-- UGO

F FSTAT-compatible output format. Instead of appearing in the format described above, the Access Control attributes will be displayed in an FSTAT-type format. The display will not be arranged according to the access method (see above), rather according to the three access domains, USER (OWNER), GROUP and OTHERS. The access rights of each domain will still be displayed in a 3 letter format. RWX, for example, implies that read, write and execute access is allowed for the data object. R-X will allow only read and execute access. An example of the output format is:

USR GRP OTH

RWX R-X ---

Selection parameter:

Y: All files/Job variables/PLAM library elements for which a Basic Access Control List exists will be selected.

N: All files/Job variables/PLAM library elements for which no Basic Access Control List exists.

[W ><= x] [, R ><= y] [, X ><= z]

W = Write, R = Read, X = Execute access.

The access domains N, U, G, O are ranked as follows: N < U < G < O, O > U > G > N. Example: see below.

x, y, z: N | U | G | O (None / Userid / Userid Group / Other users)

Selection can be according to one or more access methods simultaneously. Other domains may be specified sequentially by using an '=' sign.

[U = a] [, G = b] [, O = c]

U = User, G = Group, O = Others

a, b, c: R | W | X (Read / Write / Exec). Multiple access methods may be specified sequentially.

Examples:

BACL W>U,R>U

All files for which a user group greater than the owner (User) is allowed read and write access are selected. In contrast to the display of BACL characteristics in the FSTAT command, the abbreviated description of the domains is displayed, showing READ, WRITE and EXEC access.

BACLF G=RWX

All elements from a PLAM library are selected for which the user Group have read, write and execute access. BACLF: the display of the BACL characteristics is analogous to the FSTAT command representation i.e. the access rights of each of the domains, USER, GROUP, OTHERS, are displayed.

Note:

For further information concerning BACL, see page 6- (Action Codes for Amending Access Rights).