The GROUPCODE and SUPPLEMENTARYGRPS user attributes can be used to associate a user with a group or set of groups. Once defined for the user, any tasks initiated under that user USERCODE will also execute with the specified GROUPCODE and SUPPLEMENTARYGRPS.

The owner of a file can define group access to that file by setting the GROUP file attribute and the group file permission flags within the SECURITYMODE attribute.

When a process opens a file, assuming that the USERCODE of the process does not match the owner of the file, the GROUP attribute of the file (if set) is compared with the GROUPCODE and SUPPLEMENTARYGRPS attributes of the process. If a match occurs, then the group file access permissions as defined by the SECURITYMODE attribute is granted to the process.

Additional flexibility is offered by use of the ALTERNATEGROUPS file attribute. This provides the ability to specify additional groupcodes and associated file access permissions that are to be used for the file. The permissions granted to a user are additive for all of the groups of which he is a member.

The GROUP attribute may be specified for a new file when it is created. In addition, the WFL ALTER or SECURITY statements may be used to set the GROUP attribute of an existing file.

This grouping mechanism can be even more powerful on ClearPath NX servers when it is used in the permanent directory namespace. This feature enables you to create shared file directories where specified groups of users can create files, view files, and so on. By specifying no access for other groups of users on the permanent directory containing these files, you can prevent other users from seeing or accessing these shared files.