Access Rights Designated in the SYSTEM/USERDATAFILE

This section describes the aspects of the SYSTEM/USERDATAFILE that control the ability of a user to access the system.

The SYSTEM/USERDATAFILE is a database that

  • Defines valid usercodes

  • Associates various access rights—sometimes called usercode attributes—with these usercodes

  • Contains data concerning the user population at a given installation

  • Is maintained and updated with Security Center, SYSTEM/MAKEUSER, and the USERDATA intrinsics

Because only usercodes defined in the USERDATAFILE are valid for logging on to the system, the USERDATAFILE is the most basic method of controlling system access.

Refer to the System Software Utilities Operations Reference Manual for a description of the mechanics of assigning access rights and designating values for them.

Some usercode attributes are effective features only if your system includes either the Secure Access Control Module security-enhancement software or one of the Secure Access Control Module security feature packages, as shown in Required Secure Access Control Module Software.

Table 14. Required Secure Access Control Module Software

  The Secure Access Control Module software . . .     Is required for . . .

  Secure Accountability Facility                      COMSCONTROL
                                                      LOGSELECT

  Password Management Facility                        DAYSACTIVE
                                                      DAYSWARNING
                                                      ENFORCEEXPIREDPW
                                                      MAXOLDPW
                                                      MINPWLEN
                                                      MINPWLIFE
                                                      PASSWORDAGING

  Secure Identification Facility                      SAVEVIOLCOUNT
                                                      VIOLATIONLIMIT
                                                      SECADMIN
                                                      Granulated privileges


System Access (USERCODE)

The usercode

  • Controls access to the computer system

  • Identifies a user to the computer system

  • Defines the user identity and associated access rights

  • Provides the basis for file ownership

The first part of every file name is a usercode, which appears in parentheses. When files have no associated usercode, an asterisk (*) appears in place of a usercode in the file name. File ownership is the basis for file access control.

For systems where security is a concern, define for each user only one usercode. Avoid permitting groups of individuals to share the same usercode.

Because the usercode is the primary means of user identification, you might choose, for identification purposes, to have each printer listing labeled with the usercode responsible for the creation of the listing.

The appearance of the usercode, the accesscode, or both on the banner, header, or trailer page of a printer listing is controlled, respectively, by the Print System PS BANNER, PS HEADER, or PS TRAILER command.

Usercode Restrictions

The options listed in Usercode Restriction Options are available to restrict access by certain usercodes.

Table 15. Usercode Restriction Options

Restriction

Use

ONETIMEUSER

Limits a user to only one MARC session at the terminal. The usercode expires when the user logs off.

This restriction does not affect

  • CANDE sessions

  • Batch processes

  • MARC sessions at other terminals

When the ONETIMEUSER logs off from MARC at any of the terminals, the usercode becomes invalid immediately.

If a halt/load occurs, the user can log on again after system functions are reestablished.

The user can use the system until the MARC session is terminated by logging off.

SAVEVIOLCOUNT and VIOLATIONLIMIT

Prevents a user from logging on to the system after making too many security errors.

When the value of SAVEVIOLCOUNT is TRUE

  • The total number of security violations and MCS-detected security violations caused daily by each usercode is maintained.

  • The frequency of violations caused by a user can be determined.

Use VIOLATIONLIMIT to set the maximum number of violations permitted.

When the limit is exceeded

  • The usercode is suspended.

  • The user is unable to log on until a security administrator reactivates the usercode.

If the value of VIOLATIONLIMIT is 0 or not defined, the system does not suspend the usercode for any number of security violations.

When you assign a value to VIOLATIONLIMIT, be sure to consider the number of unintentional violations, such as mistyping a password. The maximum value of VIOLATIONLIMIT is 255.

A value between 5 and 10 is recommended because a smaller value causes the security administrator to receive frequent reactivation requests.

SUSPENDED and SUSPENDEDCODE

A user cannot log on to the system if the value of SUSPENDED is TRUE.

A user can suspend his or her own usercode by selecting the SUSER (Suspend USERcode) option from the USERS screen in MARC, or by entering the SUSPENDUSERCODE command.

The user might want to suspend his or her usercode because

  • The password has been used inappropriately, but the user cannot change the password because the minimum password lifetime requirement is not met and a security administrator is not available.

  • The user will be absent for a period of time and does not want others to use his or her usercode.

Only the security administrator can reactivate usercodes; the user cannot reactivate a usercode even if he or she was the one to suspend it.
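The following model of the SAVEVIOLCOUNT, VIOLATIONLIMIT, SUSPENDED and SUSPENDEDCODE rules described above is an added illustration written for this page; it is not Unisys code and does not read or write a real USERDATAFILE. The attribute names are the ones on this page; the record layout, the per-day count keyed by a date string, the SUSPENDEDCODE marker values and the function names are assumptions.

```python
"""Usercode suspension driven by SAVEVIOLCOUNT, VIOLATIONLIMIT and SUSPENDED.

Added illustration for this page; not Unisys code.  Attribute names come
from the page; the record layout, the per-day count keyed by a date string,
the SUSPENDEDCODE marker values and the function names are assumptions.
"""

from dataclasses import dataclass, field

VIOLATIONLIMIT_MAX = 255  # upper bound stated by the manual


@dataclass
class Usercode:
    name: str
    saveviolcount: bool = False   # SAVEVIOLCOUNT: keep daily violation counts
    violationlimit: int = 0       # VIOLATIONLIMIT: 0 / undefined = never suspend
    suspended: bool = False       # SUSPENDED: TRUE blocks log-on
    suspendedcode: str = ""       # SUSPENDEDCODE: why it was suspended (assumed values)
    daily_violations: dict = field(default_factory=dict)  # date -> count (assumed)


def set_violationlimit(user: Usercode, limit: int) -> None:
    """Store VIOLATIONLIMIT after checking the 0..255 range the manual gives."""
    if not 0 <= limit <= VIOLATIONLIMIT_MAX:
        raise ValueError(f"VIOLATIONLIMIT must be 0..{VIOLATIONLIMIT_MAX}, got {limit}")
    user.violationlimit = limit


def record_violation(user: Usercode, date: str) -> bool:
    """Count one security violation on `date`; return True if it suspends the usercode.

    Counts exist only when SAVEVIOLCOUNT is TRUE.  A VIOLATIONLIMIT of 0 means
    the count is kept but never acted on.  Comparing against the day's count
    (rather than a running total) is an assumption of this model.
    """
    if not user.saveviolcount:
        return False
    user.daily_violations[date] = user.daily_violations.get(date, 0) + 1
    if user.violationlimit == 0 or user.suspended:
        return False
    if user.daily_violations[date] > user.violationlimit:
        user.suspended = True
        user.suspendedcode = "VIOLATIONLIMIT"
        return True
    return False


def suspend_own_usercode(user: Usercode) -> None:
    """What SUSER / SUSPENDUSERCODE does: the user takes the usercode out of service."""
    user.suspended = True
    user.suspendedcode = "SELF"


def can_log_on(user: Usercode) -> bool:
    return not user.suspended


def reactivate(user: Usercode, actor_is_secadmin: bool) -> None:
    """Only a security administrator may clear SUSPENDED, even after a self-suspension."""
    if not actor_is_secadmin:
        raise PermissionError("only a security administrator can reactivate a usercode")
    user.suspended = False
    user.suspendedcode = ""


if __name__ == "__main__":
    # Constructed scenario: VIOLATIONLIMIT 3, four mistyped passwords on one day.
    u = Usercode("ALICE", saveviolcount=True)
    set_violationlimit(u, 3)
    outcomes = [record_violation(u, "2024-01-15") for _ in range(4)]
    print(outcomes, can_log_on(u), u.suspendedcode)  # [False, False, False, True] False VIOLATIONLIMIT
```

The fourth violation is the one that exceeds a limit of 3, which is why the manual's advice to allow for mistyped passwords matters when choosing the value: every suspension becomes a reactivation request to the security administrator.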


Usercode Access (PASSWORD)

Assign a secret password to a usercode to restrict access. Only a user who knows the password can log on to the system by using both the usercode and password.

Passwords

  • Are stored in a protected file in a coded form

  • Do not appear visibly on terminal screens or on printer listings

The password associated with a usercode should be one that, given the usercode or information about the user, is not easily guessed. A longer password might be more difficult to guess than a shorter one. You can install a password change library to enforce custom password rules. A standard library is available. Refer to the Security Software Developers Kit (SDK) for more information.

The value of the MAXPW attribute limits the number of passwords that can be associated with a single usercode at one time. On systems where security is a concern, it is advisable to assign only one password to each usercode.

The security option CASESENSITIVEPW determines how a log-on agent (such as MARC or CANDE) handles a password. If the option is reset, passwords not enclosed in quotation marks are converted to uppercase letters before being validated. If the option is set, you can use lowercase characters and special characters in your password without having to enclose the password in quotation marks. Using case-sensitive passwords and passwords containing special characters is more secure than using just uppercase letters and numbers.

Password Attributes describes the password attributes. These recommendations are for usercode-centric systems, where each user is assigned a unique usercode. On a shared-usercode system, where each user is instead assigned an accesscode, substitute the corresponding accesscode attributes where applicable.

Table 16. Password Attributes

The attribute . . .

Specifies the . . .

DAYSACTIVE

Number of days a password is active. If no value is entered, or DAYSACTIVE is set to 0, the password never expires.

The smaller the specified number of days

  • The more secure the system

  • The less time for the password to be discovered

  • The more often the user must change the password

  • The greater the risk that the user exposes the password in order to remember it

The password lifetime cannot exceed 255 days. If the password-aging feature is intended to enhance security, a DAYSACTIVE value between 10 and 90 is recommended.

DAYSWARNING

Number of days before password expiration that a warning message is first issued to the user.

The warning message indicates the number of days before the password expires.

ENFORCEEXPIREDPW

The steps necessary when password aging is active and the password expires.

When ENFORCEEXPIREDPW is TRUE, MAKEUSER must be run and a new password must be assigned to the usercode. A new password cannot be assigned through MARC.

If ENFORCEEXPIREDPW is FALSE, a user can assign a new password through MARC when the old password expires.

FORCEPWCHANGE

Forces the user to change their password when the usercode is next used for logon. When FORCEPWCHANGE is set, the password must be changed using MARC before the usercode can be used. This behaves the same way as an expired password. PASSWORDAGING does not need to be set. FORCEPWCHANGE is set to FALSE when the password is changed.

MAXPW

Maximum number of passwords that can be associated with one usercode.

MINPW

Minimum number of passwords that can be associated with one usercode. The value of MINPW can be either 0 (zero) or 1. If MINPW is 1, the user must enter a password.

If both MINPW and MAXPW equal 0 (zero), the user must enter a period (.) in place of a password.

If MINPW is 0 (zero), MAXPW is greater than 0 (zero), and the user has no password defined in the USERDATAFILE

  • The user has the option of entering a period in place of a password.

  • Any value other than a period becomes the password in the USERDATAFILE.

  • In the future, the user will be required to enter that password.

MAXOLDPW

Maximum number of recently used passwords maintained for the user.

The value can be in the range from 0 to 15; a higher number is better for password uniqueness. A value of 15 is recommended.

If the value is

  • 0 (zero), no recently used passwords are maintained

  • Greater than 0 (zero), requests to change the password to a recently used password are rejected

MAXOLDPW is effective only when password aging is active. Password aging is active when the following conditions are all true:

  • The value of MINPW is 1.

  • The value of MAXPW is 1.

  • The value of PASSWORDAGING is TRUE.

MINPWLEN

Number of characters required in a password. The value of MINPWLEN can be from 1 to 15 characters.

Longer passwords

  • Provide greater security.

  • Can be difficult to remember.

A MINPWLEN value of 9 is recommended to enhance security.

The MINPWLEN feature is effective only when the system does not generate passwords, that is, when the value of PASSWORDMGMT is MINIMAL.

MINPWLIFE

Number of days that must elapse before the user can change his or her password.

If MINPWLIFE is not specified, users can change passwords as frequently as they choose.

MINPWLIFE is valid only if recently used passwords are maintained for the user (the value of MAXOLDPW must be greater than zero).

The value of MINPWLIFE can be from 0 to 15 days.

PASSWORDAGING

Passwords associated with the usercode have a limited lifetime. The lifetime is specified in days by the value of the DAYSACTIVE option.

PASSWORDAGING

  • Works with the DAYSACTIVE attribute to designate the life of the password

  • Works with the DAYSWARNING attribute to warn the user the password is about to expire

  • Requires the MINPW and MAXPW attributes be set to 1
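The interaction between the attributes in Table 16 (which combination activates password aging, what DAYSACTIVE and DAYSWARNING do at log-on, when MAXOLDPW and MINPWLIFE apply, the period rule for MINPW/MAXPW) and the CASESENSITIVEPW handling described earlier is easier to follow as one policy check. The code below is an added worked example written for this page, not Unisys code: the attribute names are the page's, while the policy and state records, the clear-text history kept here only for illustration (MCP stores passwords in coded form), the status strings and the function names are assumptions.

```python
"""Password-attribute checks from Table 16 plus CASESENSITIVEPW handling.

Added example for this page; not Unisys code.  Attribute names are the
page's; the records, the clear-text history (illustration only), the status
strings and the function names are assumptions.
"""

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PasswordPolicy:
    minpw: int = 1                 # 0 or 1
    maxpw: int = 1
    passwordaging: bool = False
    daysactive: int = 0            # 0 = never expires; at most 255
    dayswarning: int = 0
    enforceexpiredpw: bool = False
    forcepwchange: bool = False
    maxoldpw: int = 0              # 0..15 recent passwords remembered
    minpwlen: int = 1              # 1..15; applies only when PASSWORDMGMT is MINIMAL
    minpwlife: int = 0             # 0..15 days; applies only when MAXOLDPW > 0
    passwordmgmt: str = "MINIMAL"
    casesensitivepw: bool = False  # system security option, not a usercode attribute


@dataclass
class PasswordState:
    current: Optional[str] = None
    age_days: int = 0              # days since the last change (assumed bookkeeping)
    history: list = field(default_factory=list)  # most recent first


def aging_active(p: PasswordPolicy) -> bool:
    """Password aging needs MINPW = 1, MAXPW = 1 and PASSWORDAGING = TRUE."""
    return p.minpw == 1 and p.maxpw == 1 and p.passwordaging


def normalise(p: PasswordPolicy, typed: str) -> str:
    """With CASESENSITIVEPW reset, an unquoted password is folded to uppercase."""
    if len(typed) >= 2 and typed[0] == '"' and typed[-1] == '"':
        return typed[1:-1]
    return typed if p.casesensitivepw else typed.upper()


def logon_status(p: PasswordPolicy, s: PasswordState) -> str:
    """What the log-on agent should do about the password's age."""
    if p.forcepwchange:
        return "FORCE_CHANGE"      # must be changed through MARC; aging need not be on
    if not aging_active(p) or p.daysactive == 0:
        return "OK"
    if s.age_days >= p.daysactive:
        # ENFORCEEXPIREDPW decides whether MARC may accept the replacement
        return "EXPIRED_RUN_MAKEUSER" if p.enforceexpiredpw else "EXPIRED_CHANGE_IN_MARC"
    if p.daysactive - s.age_days <= p.dayswarning:
        return "WARN"
    return "OK"


def logon_password_rule(p: PasswordPolicy, s: PasswordState) -> str:
    """MINPW/MAXPW: what the user must supply in the password field at log-on."""
    if p.minpw == 1:
        return "PASSWORD_REQUIRED"
    if p.maxpw == 0:
        return "PERIOD_REQUIRED"          # MINPW = MAXPW = 0: a period stands in
    if s.current is None:
        return "PERIOD_OR_NEW_PASSWORD"   # anything but a period becomes the password
    return "PASSWORD_REQUIRED"


def check_new_password(p: PasswordPolicy, s: PasswordState, typed: str) -> list:
    """Return the attributes that reject a change; an empty list means accepted."""
    new = normalise(p, typed)
    reasons = []
    if p.passwordmgmt == "MINIMAL" and len(new) < p.minpwlen:
        reasons.append("MINPWLEN")
    if p.maxoldpw > 0:                    # MINPWLIFE and the history need MAXOLDPW > 0
        if p.minpwlife > 0 and s.age_days < p.minpwlife:
            reasons.append("MINPWLIFE")
        if aging_active(p) and new in [s.current] + s.history[: p.maxoldpw]:
            reasons.append("MAXOLDPW")
    return reasons


def apply_change(p: PasswordPolicy, s: PasswordState, typed: str) -> None:
    """Install a password that passed check_new_password and reset the age clock."""
    if s.current is not None:
        s.history = ([s.current] + s.history)[: p.maxoldpw]
    s.current = normalise(p, typed)
    s.age_days = 0
    p.forcepwchange = False               # cleared once the password is changed
```

Note that with CASESENSITIVEPW reset an unquoted `freshpass9` is stored as `FRESHPASS9`, so a MINPWLEN check runs on the folded value, and that MAXOLDPW has no effect unless MINPW, MAXPW and PASSWORDAGING together activate aging, exactly as the table states.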


Multi-Factor Authentication Required (MFAREQUIRED)

If the MFA option of the SECOPT (Security Options) system command is enabled, users might be required to perform two-factor authentication to gain system access.

If the MFAREQUIRED attribute is set and the MFA security option is enabled, two-factor authentication is required. This attribute is used in conjunction with the MFAPROTOCOL attribute.

Multi-Factor Authentication Protocol (MFAPROTOCOL)

The MFAPROTOCOL attribute identifies the method that is used to perform two-factor authentication. The supported protocols are

  • EMAIL

    Requires any MFA-capable user attempting to authenticate to enter a passcode that is sent to the email address associated with the usercode.

    Note: For MFA configurations using the EMAIL utility, MFAPROTOCOL must be set to EMAIL. The EMAIL usercode attribute must be set to a valid email address, and the EMAIL utility must be installed. For more information about the EMAIL utility, refer to the System Software Utilities Operations Reference Manual.

  • DUOPUSH

    Sends a push notification to the mobile device of any MFA-capable user attempting to authenticate. The two options are allow or deny.

  • DUOPHONE

    Initiates an automated call to the mobile device of any MFA-capable user attempting to authenticate. The user is prompted to press any key to authenticate.

  • DUOPULL

    Requires any MFA-capable user attempting to authenticate to enter a passcode that is generated from the Duo Security application.

Note: The protocols DUOPUSH, DUOPHONE, and DUOPULL are only valid for MFA configurations using the third-party security platform Duo Security.

Multi-Factor Authentication Username (MFAUSERNAME)

If the MFA option of the SECOPT (Security Options) system command is enabled and the MFAREQUIRED attribute is set, two-factor authentication is required.

The MFAUSERNAME attribute functions similarly to the IDENTITY attribute when a request is sent to a device for authentication. For MFA configurations that use Duo Security, the value specified for the MFAUSERNAME attribute is populated on the Duo dashboard, as well as information on whether the authentication was successful. These records can help a Duo administrator audit the users that are authenticating using Duo.

If the MFAUSERNAME is not set, the MCP usercode of the authenticating user is used to authenticate the user in the Duo Portal.

Privileged User Access (PU)

Privileged-user status is the most powerful usercode attribute.

To confer privileged-user status, designate PU for the usercode. A privileged usercode can, in general, access any file on the system. Privileged users can also use procedures such as GETSTATUS and SETSTATUS.

A job or task running under a privileged usercode is itself privileged and has the same access rights as the usercode.

It is recommended that you give a usercode privileged-user status only if it is necessary for the user to have that level of file and system access, and the user can be trusted with that level of access.

To provide a usercode with a subset of the capabilities associated with privileged-user status, use the granulated privilege access rights. Detailed information about granulated privilege access rights is provided later in this section.

Some of the access rights of a privileged user are restricted when the system SECADMIN option is TRUE and SECADMIN is designated in the USERDATAFILE for at least one usercode. The following pages describe these restrictions.

System-Enforced Security-Administrator Status

System-enforced security-administrator status denies access to security-sensitive functions to anyone who is not specifically designated as a security administrator in the USERDATAFILE.

When this feature is enabled, the following are among the functions that are available only to a security administrator:

  • The ability to interrogate or modify all usercode attributes for all users in the USERDATAFILE

  • The ability to mark a library as a support library—the SL (Support Library) system command

  • The ability to mark a program as a privileged program—the MP (Mark Program) system command

  • The ability to enable execution of code files that are marked nonexecutable because they contain “dangerous” constructs—the XP (Executable Program) system command

For a list of functions that are restricted to the security administrator, see “Security Function Access (SECADMIN)” in Controlling System Access.

Security Function Access (SECADMIN)

The SECADMIN designation used in conjunction with the system primitive command ??SECAD provides greater protection of system functions and files.

If the system SECADMIN option is TRUE,

  • But no usercode is designated SECADMIN in the USERDATAFILE, any user with the USERDATA privilege or privileged status can run SYSTEM/MAKEUSER and alter the USERDATAFILE.

  • Only a user running under a usercode designated as SECADMIN can use a number of system commands that affect system security, regardless of whether any usercode is designated SECADMIN in the USERDATAFILE.

  • And at least one usercode is designated SECADMIN in the USERDATAFILE, only a user with the USERDATA privilege or running under a usercode designated as SECADMIN can run SYSTEM/MAKEUSER and create or modify the USERDATAFILE.

You can designate SECADMIN for as many usercodes as you choose.

If no usercode has the SECADMIN option specified, any usercode with either the PU or the USERDATA option can create or modify a USERDATAFILE, regardless of the value of the system SECADMIN option.

If only one usercode has the SECADMIN option specified and no usercode has been designated USERDATA in the USERDATAFILE

  • The ability to create or modify a USERDATAFILE is lost if the password associated with that usercode is lost.

  • This loss could result in forcing a cold-start of the system to regain the ability to create or modify the USERDATAFILE.

It is advisable to define more than one usercode with either SECADMIN status or USERDATA privilege so that more than one individual has the ability to alter the USERDATAFILE. However, this status should be given only to those who need to have it and who can be trusted with it.
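The three cases above (system SECADMIN option TRUE with no SECADMIN usercode, TRUE with at least one, and no SECADMIN usercode at all) decide who can run SYSTEM/MAKEUSER, and the single-SECADMIN warning is something an administrator can check for. The following is an added example written for this page, not Unisys code: the USERDATAFILE is represented as a plain dict of usercode to attribute flags (PU, USERDATA, SECADMIN), the function names are assumptions, and treating a FALSE system SECADMIN option as "restriction not enforced, so PU or USERDATA suffices" is an assumption drawn from the statement that the restriction applies when the option is TRUE and a SECADMIN usercode exists.

```python
"""Who may run SYSTEM/MAKEUSER under the SECADMIN rules, and the lockout check.

Added example for this page; not Unisys code.  The directory is a dict of
usercode -> attribute flags; function names and the handling of a FALSE system
SECADMIN option (treated as not enforced) are assumptions.
"""


def secadmin_enforced(system_secadmin: bool, directory: dict) -> bool:
    """The restriction applies only when the option is TRUE and someone is SECADMIN."""
    return bool(system_secadmin) and any(a.get("SECADMIN") for a in directory.values())


def can_alter_userdatafile(system_secadmin: bool, directory: dict, usercode: str) -> bool:
    """True if `usercode` may run SYSTEM/MAKEUSER to create or modify the USERDATAFILE."""
    attrs = directory[usercode]
    if secadmin_enforced(system_secadmin, directory):
        # USERDATA privilege or a SECADMIN usercode; PU alone is no longer enough.
        return bool(attrs.get("USERDATA") or attrs.get("SECADMIN"))
    # No SECADMIN usercode designated (or option FALSE): PU or USERDATA suffices.
    return bool(attrs.get("PU") or attrs.get("USERDATA"))


def userdatafile_lockout_warnings(system_secadmin: bool, directory: dict) -> list:
    """Flag directories where one lost password could leave nobody able to run MAKEUSER."""
    secadmins = sorted(u for u, a in directory.items() if a.get("SECADMIN"))
    userdata = sorted(u for u, a in directory.items() if a.get("USERDATA"))
    alterers = [u for u in directory if can_alter_userdatafile(system_secadmin, directory, u)]
    warnings = []
    if len(secadmins) == 1 and not userdata:
        warnings.append(f"{secadmins[0]} is the only SECADMIN usercode and no usercode "
                        "has USERDATA: losing its password may force a cold start")
    if len(alterers) < 2:
        warnings.append("fewer than two usercodes can alter the USERDATAFILE; "
                        "define a second SECADMIN or USERDATA usercode")
    return warnings


if __name__ == "__main__":
    # Constructed directory: one security officer, one PU operator, one plain user.
    directory = {"SECOFF": {"SECADMIN": True}, "OPER": {"PU": True}, "DEV": {}}
    for u in directory:
        print(u, can_alter_userdatafile(True, directory, u))
    print(userdatafile_lockout_warnings(True, directory))
```

With the option TRUE, OPER loses the ability to alter the USERDATAFILE the moment SECOFF is designated SECADMIN, which is the point of the feature; the same directory also trips both warnings until a second SECADMIN or a USERDATA usercode is added.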

Granulated Authorization Access

Granulated authorization enables you to provide users with a subset of the privileges associated with privileged users (users with PU and SECADMIN privileges). Although SYSTEMUSER is listed as a granulated privilege, it is not a subset of PU and SECADMIN privileges. This capability enables you to specify a subset of privileges for a user to give the user the necessary privileges to accomplish required tasks and also limit unnecessary access to the system. Granulated authorization introduces the concept of least privilege: specific privileges can be defined for a user without providing that user with the more general capabilities associated with full privileged user status.

Granulated privileges can be specified for both usercodes and code files. However, the Secure Identification Facility is required before granulated privileges associated with usercodes can be used.

  • Privileges for usercodes are defined in the USERDATAFILE.

  • Privileges for code files are defined using the MP system command.

The following granulated privileges are available.

CHANGE

This privilege enables users to change the titles, including the file ownership, of the disk files of other users. If the new file name is identical to an existing disk file name, the REMOVE privilege is also required.

CHANGESEC

This privilege provides users with the ability to modify the security file attributes of files that belong to other users.

CREATEFILE

This privilege enables users to create disk files under another usercode as long as a file with the same name does not already exist. This privilege does not apply to files created using the WFL CHANGE command or the Library Maintenance copy operation.

EXECUTE

This privilege provides users with the ability to execute the code files of other users.

GETSTATUS

This privilege provides users with the capability to use the GETSTATUS intrinsic to retrieve information about jobs, tasks, the status of peripherals, the status of the operating system and mainframe configuration. However, it does not include those GETSTATUS directory and volume requests where privileged-user status is required.

GSDIRECTORY

This privilege provides users with the capability to see the private directories and filenames of other users. Users also have access to restricted GETSTATUS directory and volume requests that normally require privileged-user status.

IDC

This privilege determines whether a user has the capabilities associated with the IDC attribute. If IDC is set, a user can update the current datacominfo file through DATACOMSUPPORT entrypoints, which are used by the SYSTEM/IDC utility.

LOCALCOPY

This privilege enables users to copy files and directories belonging to other users on the local host using Library Maintenance.

LOGINSTALL

This privilege provides users with the capability to create Installation Log records using the MCSLOGGER intrinsic.

LOGOTHERS

This privilege provides users with the capability to create log records that normally require privileged status using MCSLOGGER. Refer to the System Log Programming Reference Manual for a list of the record types.

PLATFORMACCESS

The PLATFORMACCESS granulated privilege enables you to build and execute image files using the BUILDX compiler, execute an image codefile created by the BUILDX utility, and execute Docker commands using the UTILX utility. Each usercode assigned the PLATFORMACCESS granulated privilege must have a corresponding Windows user account and an MCP credentials file that holds the credentials of that Windows user account for the Windows system. For more information, see Configuring Windows User Accounts and Associating a Windows User Account with an MCP Usercode in the ClearPath Extension Kit for MCP Getting Started and Best Practices Guide.

Note: Unisys recommends that the corresponding Windows user account for PLATFORMACCESS users does not have administrator privileges. Additionally, granting remote desktop access to the Windows user account allows the user to circumvent some of the Extension Kit restrictions managed by the MCP. PLATFORMACCESS is disabled by default.

PLATFORMADMIN

The PLATFORMADMIN granulated privilege enables you to have additional administrative access to the firmware environment through the use of the RUNX and EPMSUPPORT library command and control interface. Typically, a usercode assigned the PLATFORMADMIN granulated privilege has an MCP credentials file that maps to a Windows user account with administrator privileges.

Note: Unisys strongly recommends that you limit the use of the PLATFORMADMIN granulated privilege. Assigning the PLATFORMADMIN granulated privilege to a usercode enables an MCP user to perform any action within the privileges assigned to their Windows user account in the Windows environments outside of a container.

When a corresponding Windows user account has administrator privileges, the PLATFORMADMIN granulated privilege enables you to manage the Windows environment from the MCP Environment. For example, using the PLATFORMADMIN granulated privilege, you can do the following from the MCP Environment:

  • Install Windows updates

  • Manage Windows user accounts

  • Manage the Windows registry

  • Run PowerShell scripts

  • Obtain real-time Windows performance metrics

On systems that authorize security-administrator status for the system (SECOPT SECADMIN option set to TRUE), an MCP usercode that has the SECADMIN privilege is granted PLATFORMACCESS and PLATFORMADMIN granulated privileges.

On systems that do not authorize security-administrator status for the system (SECOPT SECADMIN option set to FALSE), an MCP usercode with the PU privilege is granted PLATFORMACCESS and PLATFORMADMIN granulated privileges.

READ

This privilege provides users with read access to private files of other users regardless of the security attributes associated with the files.

REMOVE

This privilege enables users to remove files belonging to other users. This privilege can be used with the CREATEFILE, LOCALCOPY, and CHANGE privileges to manipulate existing disk files. A user requires this privilege to perform a close-with-purge operation on a file that belongs to another user.

SETSTATUS

This privilege provides users with the capability to use the SETSTATUS intrinsic to control MCP, mix, unit, and operational functions. However, it does not include those SETSTATUS directory and volume requests where privileged-user status is required.

SYSTEMUSER

Refer to the System Command Access (SYSTEMUSER) entry in this section for information about SYSTEMUSER privileges.

Note: SYSTEMUSER privilege allows system command access from MARC. A privileged user does not have this capability.

UNWRAPRESTRICT

This privilege enables users to specify that hazardous files are not marked restricted during an UNWRAP operation.

USERDATA

This privilege provides users with the ability to access the USERDATA intrinsic. A user with this privilege also has logical I/O access to files that have the file attribute SECURITYADMIN set to TRUE.

WRITE

This privilege provides a user with write access to the private files of other users. Access is provided regardless of the security attributes of the files and also includes use of the ERASEFILE and EXCHANGE intrinsics. This privilege also allows modification of nonsecurity-related file attributes.

All of the granulated privileges listed above are assigned to a user with PU privilege, with the following exceptions:

  • IDC

    If security-administrator status is enabled, the IDC privilege is assigned only to users with both SECADMIN and PU privileges.

  • SYSTEMUSER

    The SYSTEMUSER privilege is not assigned.

  • UNWRAPRESTRICT

    If security-administrator status is enabled, the UNWRAPRESTRICT privilege is assigned only to users with SECADMIN privilege.

  • USERDATA

    If security-administrator status is enabled, the USERDATA privilege is assigned only to users with SECADMIN privilege.
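The exceptions just listed, together with the PLATFORMACCESS/PLATFORMADMIN rule under PLATFORMADMIN and the CHANGE-needs-REMOVE rule under CHANGE, amount to a small derivation of a usercode's effective privileges, which is the calculation you need when deciding whether a granulated grant can replace PU. The code below is an added example written for this page, not Unisys code: the privilege names are the page's; the attribute dict, the GRANTED key used for explicitly assigned granulated privileges, and the function names are assumptions. The exceptions are applied only to privileges implied by PU, because that is the context in which the page states them.

```python
"""Effective granulated privileges implied by PU and SECADMIN, and a
least-privilege check for one operation.

Added example for this page; not Unisys code.  Privilege names are the
page's; the attribute dict, the GRANTED key and the function names are
assumptions.
"""

GRANULATED = (
    "CHANGE", "CHANGESEC", "CREATEFILE", "EXECUTE", "GETSTATUS", "GSDIRECTORY",
    "IDC", "LOCALCOPY", "LOGINSTALL", "LOGOTHERS", "PLATFORMACCESS", "PLATFORMADMIN",
    "READ", "REMOVE", "SETSTATUS", "SYSTEMUSER", "UNWRAPRESTRICT", "USERDATA", "WRITE",
)
# Implied by PU only when the usercode is also SECADMIN (once that status is enabled).
SECADMIN_ONLY_UNDER_PU = {"IDC", "UNWRAPRESTRICT", "USERDATA"}


def effective_privileges(attrs: dict, secadmin_enabled: bool) -> set:
    """Explicit grants plus everything PU implies, minus the listed exceptions."""
    granted = set(attrs.get("GRANTED", ()))
    unknown = granted - set(GRANULATED)
    if unknown:
        raise ValueError(f"not granulated privileges: {sorted(unknown)}")
    eff = set(granted)
    pu = bool(attrs.get("PU"))
    sec = bool(attrs.get("SECADMIN"))
    if pu:
        for priv in GRANULATED:
            if priv == "SYSTEMUSER":
                continue                      # never implied by PU
            if priv in SECADMIN_ONLY_UNDER_PU and secadmin_enabled and not sec:
                continue                      # needs SECADMIN once that status is enforced
            eff.add(priv)
    if secadmin_enabled and sec:
        eff |= {"PLATFORMACCESS", "PLATFORMADMIN"}   # granted to SECADMIN usercodes
    return eff


def privileges_for_change_title(target_exists: bool) -> set:
    """CHANGE on another user's file; REMOVE as well if the new name already exists."""
    return {"CHANGE", "REMOVE"} if target_exists else {"CHANGE"}


def missing_privileges(attrs: dict, secadmin_enabled: bool, required: set) -> set:
    """What the usercode still lacks for an operation (empty set = allowed)."""
    return set(required) - effective_privileges(attrs, secadmin_enabled)


if __name__ == "__main__":
    # Constructed usercodes: a PU operator and a renamer holding only CHANGE.
    print(sorted(effective_privileges({"PU": True}, secadmin_enabled=True)))
    renamer = {"GRANTED": ["CHANGE"]}
    print(missing_privileges(renamer, True, privileges_for_change_title(True)))   # {'REMOVE'}
```

The renamer usercode shows the least-privilege point: it can retitle other users' files, but a rename onto an existing title is refused until REMOVE is also granted, and it never acquires READ or WRITE on their contents the way PU would.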

System Command Access (SYSTEMUSER)

A user with a usercode designated as a SYSTEMUSER

  • Has the ability to execute system commands from a remote station. The commands have the same privileges as system command requests from the local ODT.

  • Can also use the DCKEYIN, SETSTATUS, and GETSTATUS programmatic interfaces required to execute a system command.

  • Has access to all system commands except for the primitive commands.

If the system SECADMIN option is TRUE, some system commands are available only to those with SECADMIN specified for their usercodes.

A user who is not privileged

  • Does not gain any special file-access privileges by being made a SYSTEMUSER.

  • Executes system commands consistent with nonprivileged status.

For example, when a nonprivileged SYSTEMUSER enters the PD (Print Directory) system command, the system displays the names only of files under that user's usercode directory and of public files belonging to other users (when SHOWFILES is designated for those other users).

Because system commands control many fundamental aspects of system operation, only trusted individuals who require the capability should have SYSTEMUSER status.

System Administrator (SYSADMIN)

A user with a usercode designated as a SYSADMIN

  • Has the ability to execute system commands from a remote station. The commands have the same privileges as system command requests from the local ODT.

  • Can also use the DCKEYIN, SETSTATUS, and GETSTATUS programmatic interfaces required to execute a system command.

  • Has access to all system commands except for the primitive commands. If security administrator status is enabled, some commands are restricted to security administrators.

  • Has the ability to restrict operator access to certain commands through the use of the SYSADMIN COMMAND system command.

A user who is not privileged does not gain any special file-access privileges by being made a SYSADMIN.

Guarded File Access (ACCESSCODELIST)

You use this usercode attribute to associate an accesscode with a usercode.

The accesscode

  • Is entered during the log-on procedure or by using the CANDE ACCESS command.

  • Permits a user access to a guarded file.

A user is permitted to log on under an accesscode only if the accesscode is designated for the usercode in the USERDATAFILE.

Accesscodes also provide additional user identification when the user logs on to the system. The accesscode can have an accesscode password associated with it. If it does, the user must enter the accesscode password along with the accesscode.

In the same way that a usercode password can have password-aging attributes, an accesscode that has a password specified can also have password-aging attributes. The following attributes have the same functionality as the corresponding usercode password attributes, shown in parentheses.

  • ACPWAGING (PASSWORDAGING)

  • ACPWDAYSACTIVE (DAYSACTIVE)

  • ACPWDAYSWARN (DAYSWARNING)

  • ACPWENFORCEEXP (ENFORCEEXPIREDPW)

  • ACPWCHGONUSE (FORCEPWCHANGE)

If accesscode password aging is enabled for a usercode, it is enabled for all accesscodes in the ACCESSCODELIST that have passwords specified.

To require a user to enter an accesscode during log-on, specify ACCESSCODENEEDED for the user's usercode in the USERDATAFILE.

Refer to Controlling File Access for a description of how to use accesscodes to define groups of users with common access to certain files.

File Title Access (SHOWFILES)

SHOWFILES does not in any way limit access to a file.

If you designate

  • SHOWFILES for a usercode, a nonprivileged user can see the names of public files belonging to that usercode.

  • -SHOWFILES, a nonprivileged user cannot see the names of any files under that usercode.

As a rule, all sensitive files should be private—that is, their SECURITYTYPE file attribute should be equal to PRIVATE. If this is the case, designating SHOWFILES for a usercode does not result in any breach of security.

CANDE Control Command Access (CANDECONTROL)

This attribute enables the user to access CANDE network control commands. A CANDECONTROL user has access to commands that configure the CANDE data comm network and interrogate that configuration.

When a user designated as CANDECONTROL logs on at a terminal, that terminal becomes a CANDE control station for the time the user is logged on.

Because of the power of some CANDE control commands, it is recommended that only highly trusted individuals be made CANDECONTROL users.

If a usercode is not designated as CANDECONTROL, the user could still possibly access CANDE control commands. For a discussion of the conditions that would permit this situation to occur, see Access Rights Associated with CANDE.

COMS Utility Window Access (COMSCONTROL)

The COMS Utility window enables you to control the users and stations in the Transaction Server system.

Designate COMSCONTROL only for trusted individuals who require the use of the COMS Utility window.

To regulate access to the COMS Utility window, use the LIMITCOMSUTIL option of the SECOPT (Security Options) system command.

If this option is

  • Set, only a usercode designated as COMSCONTROL can access the COMS Utility window.

  • Not set, access to the COMS Utility can also be granted or denied for a usercode or station through Transaction Server. See “Transaction Server Command Access (Control-Capable)” in Access Rights Designated in the COMS Utility for more information.

Refer to Security Configuration for information about the SECOPT command.

Even when COMSCONTROL is designated for a usercode, the COMS Utility window must be included in the window list for the usercode in Transaction Server.

Specify the COMS Utility window either explicitly in the window list or use the ALL window list designation.

The ALL window list designation is the default.

Group Access

The GROUPCODE and SUPPLEMENTARYGRPS USERDATA attributes are used to control access to files. These attributes associate sets of users for the purpose of sharing files and other data objects, such as semaphores, that are defined by POSIX and X/Open standards.

Members of a group share access to files by using the GROUP and SECURITYMODE file attributes. A task running under a usercode other than that of the file's owner can still access the file if the task's GROUPCODE attribute value, or one of its SUPPLEMENTARYGRPS values, matches the GROUP attribute value of the file. If a match occurs, the task has all the access rights specified for that group in the SECURITYMODE attribute.

To use groups for file sharing

  • Have the system administrator define the necessary groups by adding the GROUPCODE and SUPPLEMENTARYGRPS attributes to the appropriate usercodes in the USERDATAFILE.

  • Have the users use the GROUP and SECURITYMODE attributes to enable sharing of their files.

These attributes are explained in greater detail later in this manual.
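The group-matching rule above, combined with the file-title convention from System Access (USERCODE) (a usercode in parentheses as the first part of the title, or an asterisk when there is none), can be written out as one access decision. The following is an added example written for this page, not Unisys code: SECURITYMODE is modelled as three letter strings (owner, group, other) holding R/W/X rights, which is an assumption about its layout, as are the record types, the usercode character set accepted by the title parser, and the function names.

```python
"""Group-based file sharing via GROUPCODE / SUPPLEMENTARYGRPS and GROUP /
SECURITYMODE, with the owning usercode taken from the file title.

Added example for this page; not Unisys code.  The three-part SECURITYMODE
layout, the record types, the title character set and the function names are
assumptions.
"""

import re
from dataclasses import dataclass, field
from typing import Optional

_TITLE_USERCODE = re.compile(r"^\(([A-Z0-9]+)\)")   # assumed usercode character set


def title_usercode(title: str) -> Optional[str]:
    """'(PAYROLL)DATA/MASTER' -> 'PAYROLL'; '*SYSTEM/LOG' -> None (no usercode)."""
    if title.startswith("*"):
        return None
    m = _TITLE_USERCODE.match(title)
    if not m:
        raise ValueError(f"file title must start with (usercode) or *: {title!r}")
    return m.group(1)


@dataclass
class Task:
    usercode: str
    groupcode: Optional[str] = None        # GROUPCODE usercode attribute
    supplementarygrps: tuple = ()          # SUPPLEMENTARYGRPS usercode attribute


@dataclass
class DiskFile:
    title: str
    group: Optional[str] = None            # GROUP file attribute
    # SECURITYMODE modelled as rights for owner / group / everyone else (assumed layout)
    securitymode: dict = field(default_factory=lambda: {"OWNER": "RW", "GROUP": "", "OTHER": ""})


def task_in_group(task: Task, group: Optional[str]) -> bool:
    """A match on GROUPCODE or on any SUPPLEMENTARYGRPS entry counts."""
    return group is not None and (task.groupcode == group or group in task.supplementarygrps)


def access_rights(task: Task, f: DiskFile) -> str:
    """Rights string the task gets on the file: owner, then group, then other."""
    owner = title_usercode(f.title)
    if owner is not None and owner == task.usercode:
        return f.securitymode["OWNER"]
    if task_in_group(task, f.group):
        return f.securitymode["GROUP"]
    return f.securitymode["OTHER"]


def may(task: Task, f: DiskFile, right: str) -> bool:
    return right in access_rights(task, f)


if __name__ == "__main__":
    # Constructed file shared read-only with the FINANCE group.
    master = DiskFile("(PAYROLL)DATA/MASTER", group="FINANCE",
                      securitymode={"OWNER": "RW", "GROUP": "R", "OTHER": ""})
    auditor = Task("AUDIT", groupcode="HR", supplementarygrps=("FINANCE",))
    print(access_rights(Task("PAYROLL"), master), access_rights(auditor, master))  # RW R
```

The auditor reaches the file through a supplementary group rather than the primary GROUPCODE, which is the reason SUPPLEMENTARYGRPS exists; a task in neither group falls through to the "other" rights, which for a sensitive file should be empty.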