Guardian Procedure Calls Reference Manual
• Disk file open—security check
When a disk file open is attempted, the system performs a security check. The accessor's (that
is, the caller's) security level is checked against the file security level for the requested access
mode, as follows:
read security level is checkedfor read access:
write security level is checkedfor write access:
read and write security levels are checkedfor read-write
access:
A file has one of seven levels of security for each access mode. (The owner of the file can set
the security level for each access mode by using SETMODE function 1 or by using the File
Utility Program SECURE command.) Table 31 shows the seven levels of security.
Table 31 Levels of Security
AccessProgram ValuesFUP Code
Local super ID only7-
Owner (local or remote), that is, any user with owner's ID6U
Member of owner's group (local or remote), that is, any member of owner's
community
5C
Any user (local or remote)4N
Owner only (local)2O
Member of owner's group (local)1G
Any user (local)0A
For a given access mode, the accessor's security level is checked against the file security level.
File access is allowed or not allowed as shown in Table 32. In this table, file security levels
are indicated by FUP security codes. For a given accessor security level, a Y indicates that
access is allowed to a file with the security level shown; a hyphen indicates that access is not
allowed.
Table 32 Allowed File Accesses
File Security LevelAccessor’s Security Level
O G AU C N-
Y Y YY Y YYSuper ID user, local access
— — —Y Y Y-Super ID user, remote access
— — —Y Y Y-Owner or owner’s group
manager, remote access
— Y Y— Y Y-Member of owner’s group,
remote access Any other user,
remote access
— — Y— — Y-Owner or owner’s group
manager, local access
— — —— — —-Member of owner’s group, local
access Any other user, local
access
If the caller to FILE_OPEN_ fails the security check, the open fails with an error 48. A file's
security can be obtained by a call to FILE_GETINFOLIST[BYNAME]_, FILEINFO, or by the File
Utility Program (FUP) INFO command.
OPEN Procedure (Superseded by FILE_OPEN_ Procedure) 903