Accessing Files Programmer's Guide (32650-90885)
Chapter 13 183
Maintaining File Security
Traditional Mechanism for File Security
• any user (ANY)
• account member (AC)
If no security provisions are explicitly specified for the account, the following provisions
are assigned by default:
• For the system account (named SYS), through which the system manager user initially
accesses the system, reading and executing access are permitted to all users;
appending, writing, and locking access are limited to account members.
NOTE
Symbolically, these provisions are expressed as follows:
(R,X:ANY;A,W,L:AC)
In this format, colons are interpreted to mean, "...is permitted only to..." or "...
is limited to ...." Commas are used to separate access modes or user types
from each other. Semicolons are used to separate entire access mode/user type
groups from each other.
• For all other accounts, the reading, appending, writing, locking, and executing access
modes are limited to account members (R, A, W, L, X: AC).
Group-level security
The security provisions that apply to all files within a group are initially set by an account
manager user when creating the group. they can be equal to or more restrictive than the
provisions specified at the account level. (The group's security provisions also can be less
restrictive than those of the account–but this effectively results in equating the group
restrictions with the account restrictions, since a user failing security checking at the
account level is denied access at that point and is not checked at the group level.) The
initial group provisions can be changed at any time, but only by an account-managing user
for that group's account.
At the group level, six access modes are recognized:
• reading (R)
• appending (A)
• writing (W)
• locking (L)
• executing (X)
• saving (S)
Also at the group level, five user types are recognized:
• any user (ANY)
• account librarian user (AL)
• group librarian user (GL)
• group user (GU)