JOB CONTROL STATEMENTS 6
6.3 PERMANENT DATASET MANAGEMENT
6.3.3 PROTECTING AND ACCESSING MASS STORAGE DATASETS
Access of mass storage datasets can be restricted on two levels:
• Which users can access the dataset (privacy)
• What type of access is allowed (access mode)
The mass storage dataset protection system has two other dataset management aspects:
• Dataset use tracking
• Attribute association
6-8 SR-OOll 0
7
-6.3.3.1 Privacy
Mass storage permanent datasets fall into three categories, depending on which users can access the permanent dataset:
• Private datasets are accessible only to the dataset owner.
• Semiprivate datasets are accessible to the dataset owner and to a specific group of other users.
• Public datasets are accessible to all users.
New mass storage datasets are either public or private (not semiprivate) by default. Contact your CRI site analyst for the default value at your site. A new dataset can be explicitly declared as either public or private with the public access mode (PAM) parameter on the SAVE control statement. (Refer to section 9.)
6.3.3.2 Access mode
In addition to establishing which users may access a dataset, the owner must establish what mode of access alternate users are allowed; that is, whether users other than the dataset owner may execute, read, write, or maintain the permanent dataset. Specifying the mode of alternate access depends upon what category of user is being granted the access. The three categories of users are as follows:
• The dataset owner who is allowed all modes of access.
• Specific alternate users who are named with the USER parameter of the PERMIT control statement (refer to section 9); the alternate user's allowed mode of access is declared with the access mode (AM) parameter of the same PERMIT control statement. Multiple PERMIT statements can be issued for the same permanent dataset to provide a list of alternate users. PERMIT can also be used to change or remove the allowed mode of access for an alternate user of the dataset. The allowed access mode for a specific user is known as a permit.
• All other users (the public). All users of a dataset not in the preceding two categories can be allowed (or denied) access to the dataset by using the PAM parameter on the ACQUIRE (section 10), SAVE, or MODIFY control statement (section 9). The mode of public access to a dataset can be changed at any time with the MODIFY control statement.
Any mass storage permanent dataset can have a public access mode with any combination of permits. If an alternate user desiring access to a
permanent dataset is allowed public access and is named in a permit, the alternate user is allowed the access named in the permit. The permit takes precedence over the public access mode.
SR-0011 0 6-9
Such a combination of public and permitted access is often desirable.
For example, suppose dataset FROG is to be used (executed as a program) by many groups of users, maintained by the dataset owner, and backed up or restored as needed by another user. Then, the dataset should have a public access mode of execute only and a permit of maintenance mode access for the alternate user who does dataset backup and restoration.
All users, including the owner, must correctly specify any existing permission control words corresponding to the mode of access desired.
For example, suppose dataset BIG has a public access mode of READ and a read password of README. Any user desiring to read the dataset must supply the read password (README) to gain access to the dataset. An exception occurs if the permanent dataset utilities are used. Refer to section 11 for more information.
6.3.3.3 Dataset use tracking
The total access count and date/time of last access are recorded for each dataset in the DSC. Access tracking capabilities include recording who accessed the dataset, how many times, and the date/time of last access.
The permit mechanism described earlier in this section provides access tracking whenever a permit is issued for a user. A dataset that allows public access can also be tracked. The owner must explicitly state, however, that public access tracking is required with the track accesses
(TA) parameter on the ACQUIRE, SAVE, or MODIFY control statement; the system does not normally provide it.
6.3.3.4 Attribute association
The system allows permanent datasets having the same PDN and additional 10 to be distinguished by an ED. That is, there can be several datasets with different edition numbers that have the same PDN, 10, and ownership value.
A user permanent dataset is uniquely identified by the PDN, 10, ED, and
ownership value.
The ownership value recorded in the OSC when a dataset is made permanent is normally equal to the user number as specified on the ACCOUNT or JOB control statement. Specificinstallations can choose to define dataset ownership as the account number rather than the user number. Contact your CRI site analyst to find out which type of ownership value is used.
Permanent mass storage datasets with the same PON, 10, and ownership are assumed to be closely related. Therefore, most permanent dataset
attributes are the same for all editions of the permanent dataset. The read, write, and maintenance permission control words, public access mode, public access tracking, and permits are the same for all datasets with the same PON, 10, and ownership.
6-10 SR-0011 0
The text attribute is treated slightly differently. Any
text
supplied when the dataset is created is kept as a dataset attribute; if notext
is supplied, the text attribute from the highest existing edition of the permanent dataset, if any, is used.The notes attribute is treated similarly to text except that
notes
are assumed to be different for each dataset edition.Notes
supplied at dataset creation time are used; if nonotes
are supplied, none are used.Deleting the data in a permanent dataset while leaving the dataset's name and attributes recorded in the DSC is possible. Such a dataset is
referred to as a