SECURE PROCEDURE ACCESS command: Difference between revisions
m (link repair) |
(→Syntax) |
||
(One intermediate revision by one other user not shown) | |||
Line 8: | Line 8: | ||
==Syntax== | ==Syntax== | ||
<p class="syntax">SECURE <b> | <p class="syntax">SECURE <b>PROC</b>EDURE ACCESS={ALL | (access [<i>,access</i>]...) | NONE} | ||
UCLASS={ALL | (uclass [<i>,uclass</i>]... )} | UCLASS={ALL | (uclass [<i>,uclass</i>]... )} | ||
PCLASS={ALL | (pclass [<i>,pclass</i>]... )} | PCLASS={ALL | (pclass [<i>,pclass</i>]... )} | ||
Line 84: | Line 84: | ||
The <var>SECURE PROCEDURE</var> command maps particular access privileges and user classes to particular procedure classes, where pclass is a decimal number in the range 1 to 255. The user classes specified in the UCLASS parameter are given the listed access privileges (ACCESS) to the procedure classes (PCLASS) specified in the command.</p> | The <var>SECURE PROCEDURE</var> command maps particular access privileges and user classes to particular procedure classes, where pclass is a decimal number in the range 1 to 255. The user classes specified in the UCLASS parameter are given the listed access privileges (ACCESS) to the procedure classes (PCLASS) specified in the command.</p> | ||
<p> | <p> | ||
This command constructs entries in the ACT for any user classes specified in UCLASS. For a detailed discussion of security and user privileges, refer to [[ | This command constructs entries in the ACT for any user classes specified in UCLASS. For a detailed discussion of security and user privileges, refer to [[Model 204 security features]]. </p> | ||
<p> | <p> | ||
When it processes <var>SECURE PROCEDURE ACCESS</var>, <var class="product">Model 204</var> ends any current SOUL update unit and begins a non-backoutable update unit. If a <var class="product">Model 204</var> command non-backoutable update unit is in progress, <var>SECURE PROCEDURE ACCESS</var> is included in that update unit. For more information about <var class="product">Model 204</var> update units, see [[File integrity and recovery#Update units and transactions|Update units and transactions]].</p> | When it processes <var>SECURE PROCEDURE ACCESS</var>, <var class="product">Model 204</var> ends any current SOUL update unit and begins a non-backoutable update unit. If a <var class="product">Model 204</var> command non-backoutable update unit is in progress, <var>SECURE PROCEDURE ACCESS</var> is included in that update unit. For more information about <var class="product">Model 204</var> update units, see [[File integrity and recovery#Update units and transactions|Update units and transactions]].</p> |
Latest revision as of 20:18, 12 April 2017
Summary
- Privileges
- File manager
- Function
- Specifies the access privileges and user classes to be associated with particular procedure classes
Syntax
SECURE PROCEDURE ACCESS={ALL | (access [,access]...) | NONE} UCLASS={ALL | (uclass [,uclass]... )} PCLASS={ALL | (pclass [,pclass]... )}
Where:
ALL | specifies to use words, not hexadecimal code. | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
access | is a particular privilege associated with the procedures in the procedure class. Privilege can be one of the following:
|
||||||||||||
uclass | is the number of the user class whose users have access to the procedures in PCLASS; the number must be in the range 1 to 255. | ||||||||||||
pclass | is the number of the procedure class to which users in UCLASS have access; the number must be in the range 1 to 255. |
Syntax notes
Parentheses are required for the access clause. In other clauses, parentheses are optional; however, if a left parenthesis is specified, the right is required. Commas are required except between access privileges enclosed in parentheses.
Note: Do not use PCLASS=ALL when making a first-time entry for a particular PCLASS. Model 204 assumes PCLASS=ALL means that you are changing an already existing entry in the Access Control Table (ACT), but if there are no entries in that table, nothing is changed or added.
Example
In the following example, only users in the Payroll Department (user class 90) are allowed to use procedures that manipulate salary fields in a file (procedure classes 20 and 30). Only programmers in the Data Processing Department (user classes 8 and 9) are allowed to define certain procedures but not use them:
SECURE PROC ACCESS = ALL UCLASS = 90 PCLASS = 20,30 SECURE PROC ACCESS = (CHANGE,DEFINE, - DELETE,COPY) UCLASS = 8,9 PCLASS = 20,30,40,50,60,70
Usage notes
The SECURE PROCEDURE command maps particular access privileges and user classes to particular procedure classes, where pclass is a decimal number in the range 1 to 255. The user classes specified in the UCLASS parameter are given the listed access privileges (ACCESS) to the procedure classes (PCLASS) specified in the command.
This command constructs entries in the ACT for any user classes specified in UCLASS. For a detailed discussion of security and user privileges, refer to Model 204 security features.
When it processes SECURE PROCEDURE ACCESS, Model 204 ends any current SOUL update unit and begins a non-backoutable update unit. If a Model 204 command non-backoutable update unit is in progress, SECURE PROCEDURE ACCESS is included in that update unit. For more information about Model 204 update units, see Update units and transactions.