SECURE PROCEDURE ACCESS command: Difference between revisions

From m204wiki
Jump to navigation Jump to search
(Automatically generated page update)
m (link repair)
Line 6: Line 6:
<dd>Specifies the access privileges and user classes to be associated with particular procedure classes
<dd>Specifies the access privileges and user classes to be associated with particular procedure classes
</dl>
</dl>
==Syntax==
==Syntax==
<p class="syntax">SECURE <b>PRO</b>CEDURE ACCESS={ALL | (access [<i>,access</i>]...)
<p class="syntax">SECURE <b>PRO</b>CEDURE ACCESS={ALL | (access [<i>,access</i>]...) | NONE}
| NONE}
  UCLASS={ALL | (uclass [<i>,uclass</i>]... )}
  UCLASS={ALL | (uclass [<i>,uclass</i>]... )}
  PCLASS={ALL | (pclass [<i>,pclass</i>]... )}
  PCLASS={ALL | (pclass [<i>,pclass</i>]... )}
</p>
</p>
   
   
<b>Where:</b>
Where:
<table>  
<table>  
<tr>
<tr>
Line 25: Line 25:
<table>
<table>
    
    
<tr> <th>
<tr class="head"> <th>
<p>Privilege</p>
<p>Privilege</p>
</th> <th>
</th> <th>
Line 66: Line 66:
<td> is the number of the procedure class to which users in UCLASS have access; the number must be in the range 1 to 255.  </td>
<td> is the number of the procedure class to which users in UCLASS have access; the number must be in the range 1 to 255.  </td>
</tr>
</tr>
</table>
</table>
===Syntax notes===
===Syntax notes===
Parentheses are required for the access clause. In other clauses, parentheses are optional; however, if a left parenthesis is specified, the right is required. Commas are required except between access privileges enclosed in parentheses.
Parentheses are required for the access clause. In other clauses, parentheses are optional; however, if a left parenthesis is specified, the right is required. Commas are required except between access privileges enclosed in parentheses.
<p class="note"><b>Note:</b> Do not use PCLASS=ALL when making a first-time entry for a particular PCLASS. <var class="product">Model&nbsp;204</var> assumes PCLASS=ALL means that you are changing an already existing entry in the Access Control Table (ACT), but if there are no entries in that table, nothing is changed or added. </p>
<p class="note"><b>Note:</b> Do not use PCLASS=ALL when making a first-time entry for a particular PCLASS. <var class="product">Model&nbsp;204</var> assumes PCLASS=ALL means that you are changing an already existing entry in the Access Control Table (ACT), but if there are no entries in that table, nothing is changed or added. </p>
==Example==
==Example==
In the following example, only users in the Payroll Department (user class 90) are allowed to use procedures that manipulate salary fields in a file (procedure classes 20 and 30). Only programmers in the Data Processing Department (user classes 8 and 9) are allowed to define certain procedures but not use them:  
In the following example, only users in the Payroll Department (user class 90) are allowed to use procedures that manipulate salary fields in a file (procedure classes 20 and 30). Only programmers in the Data Processing Department (user classes 8 and 9) are allowed to define certain procedures but not use them:  
<p class="code">SECURE PROC ACCESS = ALL UCLASS = 90   -
<p class="code">SECURE PROC ACCESS = ALL UCLASS = 90 PCLASS = 20,30
PCLASS = 20,30
SECURE PROC ACCESS = (CHANGE,DEFINE,  -
SECURE PROC ACCESS = (CHANGE,DEFINE,  -
DELETE,COPY) UCLASS = 8,9 PCLASS = 20, -
DELETE,COPY) UCLASS = 8,9 PCLASS = 20,30,40,50,60,70  
30,40,50,60,70  
</p>
</p>
==Usage notes==
==Usage notes==
<p>The SECURE PROCEDURE command maps particular access privileges and user classes to particular procedure classes, where pclass is a decimal number in the range 1 to 255. The user classes specified in the UCLASS parameter are given the listed access privileges (ACCESS) to the procedure classes (PCLASS) specified in the command.</p>
<p>
<p>This command constructs entries in the ACT for any user classes specified in UCLASS. For a detailed discussion of security and user privileges, refer to the <var class="book">Model&nbsp;204 File Manager's Guide</var>. </p>
The <var>SECURE PROCEDURE</var> command maps particular access privileges and user classes to particular procedure classes, where pclass is a decimal number in the range 1 to 255. The user classes specified in the UCLASS parameter are given the listed access privileges (ACCESS) to the procedure classes (PCLASS) specified in the command.</p>
<p>When it processes SECURE PROCEDURE ACCESS, <var class="product">Model&nbsp;204</var> ends any current User Language update unit and begins a non-backoutable update unit. If a <var class="product">Model&nbsp;204</var> command non-backoutable update unit is in progress, SECURE PROCEDURE ACCESS is included in that update unit. For more information about <var class="product">Model&nbsp;204</var> update units, see the <var class="book">Model&nbsp;204 File Manager's Guide</var>.</p>
<p>
This command constructs entries in the ACT for any user classes specified in UCLASS. For a detailed discussion of security and user privileges, refer to [[Security]]. </p>
<p>
When it processes <var>SECURE PROCEDURE ACCESS</var>, <var class="product">Model&nbsp;204</var> ends any current SOUL update unit and begins a non-backoutable update unit. If a <var class="product">Model&nbsp;204</var> command non-backoutable update unit is in progress, <var>SECURE PROCEDURE ACCESS</var> is included in that update unit. For more information about <var class="product">Model&nbsp;204</var> update units, see [[File integrity and recovery#Update units and transactions|Update units and transactions]].</p>
 
[[Category: File manager commands]]
[[Category: File manager commands]]
[[Category:Commands]]
[[Category:Commands]]

Revision as of 18:26, 9 March 2015

Summary

Privileges
File manager
Function
Specifies the access privileges and user classes to be associated with particular procedure classes

Syntax

SECURE PROCEDURE ACCESS={ALL | (access [,access]...) | NONE} UCLASS={ALL | (uclass [,uclass]... )} PCLASS={ALL | (pclass [,pclass]... )}

Where:

ALL specifies to use words, not hexadecimal code.
access is a particular privilege associated with the procedures in the procedure class. Privilege can be one of the following:

Privilege

Users can...

USE (X'80')

INCLUDE procedures.

COPY (X'40')

DISPLAY and EDIT (copy only) procedures.

CHANGE (X'20')

EDIT procedures.

DEFINE (X'10')

Create new procedures (PROCEDURE and EDIT).

DELETE (X'08')

DELETE procedures.

uclass is the number of the user class whose users have access to the procedures in PCLASS; the number must be in the range 1 to 255.
pclass is the number of the procedure class to which users in UCLASS have access; the number must be in the range 1 to 255.

Syntax notes

Parentheses are required for the access clause. In other clauses, parentheses are optional; however, if a left parenthesis is specified, the right is required. Commas are required except between access privileges enclosed in parentheses.

Note: Do not use PCLASS=ALL when making a first-time entry for a particular PCLASS. Model 204 assumes PCLASS=ALL means that you are changing an already existing entry in the Access Control Table (ACT), but if there are no entries in that table, nothing is changed or added.

Example

In the following example, only users in the Payroll Department (user class 90) are allowed to use procedures that manipulate salary fields in a file (procedure classes 20 and 30). Only programmers in the Data Processing Department (user classes 8 and 9) are allowed to define certain procedures but not use them:

SECURE PROC ACCESS = ALL UCLASS = 90 PCLASS = 20,30 SECURE PROC ACCESS = (CHANGE,DEFINE, - DELETE,COPY) UCLASS = 8,9 PCLASS = 20,30,40,50,60,70

Usage notes

The SECURE PROCEDURE command maps particular access privileges and user classes to particular procedure classes, where pclass is a decimal number in the range 1 to 255. The user classes specified in the UCLASS parameter are given the listed access privileges (ACCESS) to the procedure classes (PCLASS) specified in the command.

This command constructs entries in the ACT for any user classes specified in UCLASS. For a detailed discussion of security and user privileges, refer to Security.

When it processes SECURE PROCEDURE ACCESS, Model 204 ends any current SOUL update unit and begins a non-backoutable update unit. If a Model 204 command non-backoutable update unit is in progress, SECURE PROCEDURE ACCESS is included in that update unit. For more information about Model 204 update units, see Update units and transactions.