SECURE PROCEDURE ACCESS command

From m204wiki
Revision as of 20:18, 12 April 2017 by ELowell (talk | contribs) (→‎Syntax)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Summary

Privileges
File manager
Function
Specifies the access privileges and user classes to be associated with particular procedure classes

Syntax

SECURE PROCEDURE ACCESS={ALL | (access [,access]...) | NONE} UCLASS={ALL | (uclass [,uclass]... )} PCLASS={ALL | (pclass [,pclass]... )}

Where:

ALL specifies to use words, not hexadecimal code.
access is a particular privilege associated with the procedures in the procedure class. Privilege can be one of the following:

Privilege

Users can...

USE (X'80')

INCLUDE procedures.

COPY (X'40')

DISPLAY and EDIT (copy only) procedures.

CHANGE (X'20')

EDIT procedures.

DEFINE (X'10')

Create new procedures (PROCEDURE and EDIT).

DELETE (X'08')

DELETE procedures.

uclass is the number of the user class whose users have access to the procedures in PCLASS; the number must be in the range 1 to 255.
pclass is the number of the procedure class to which users in UCLASS have access; the number must be in the range 1 to 255.

Syntax notes

Parentheses are required for the access clause. In other clauses, parentheses are optional; however, if a left parenthesis is specified, the right is required. Commas are required except between access privileges enclosed in parentheses.

Note: Do not use PCLASS=ALL when making a first-time entry for a particular PCLASS. Model 204 assumes PCLASS=ALL means that you are changing an already existing entry in the Access Control Table (ACT), but if there are no entries in that table, nothing is changed or added.

Example

In the following example, only users in the Payroll Department (user class 90) are allowed to use procedures that manipulate salary fields in a file (procedure classes 20 and 30). Only programmers in the Data Processing Department (user classes 8 and 9) are allowed to define certain procedures but not use them:

SECURE PROC ACCESS = ALL UCLASS = 90 PCLASS = 20,30 SECURE PROC ACCESS = (CHANGE,DEFINE, - DELETE,COPY) UCLASS = 8,9 PCLASS = 20,30,40,50,60,70

Usage notes

The SECURE PROCEDURE command maps particular access privileges and user classes to particular procedure classes, where pclass is a decimal number in the range 1 to 255. The user classes specified in the UCLASS parameter are given the listed access privileges (ACCESS) to the procedure classes (PCLASS) specified in the command.

This command constructs entries in the ACT for any user classes specified in UCLASS. For a detailed discussion of security and user privileges, refer to Model 204 security features.

When it processes SECURE PROCEDURE ACCESS, Model 204 ends any current SOUL update unit and begins a non-backoutable update unit. If a Model 204 command non-backoutable update unit is in progress, SECURE PROCEDURE ACCESS is included in that update unit. For more information about Model 204 update units, see Update units and transactions.