Previous PageTable Of ContentsNext Page

    ADD


.

ADD

--------

-

RuleFt RuleType Requestor Action Object [(ACIGROUP MIXED
-----------------------------------------------------------

    RuleFt ---- {ADMIN, GRPADMIN, USRADMIN, USRDFLT,
    -------------
    GRPDFLT, DEFAULT, MANAGE}

    RuleType -- {ACCEPT, REJECT}

    Requestor - {[USER] ReqUser, ACIGROUP ReqGroup}

    Action ---- {READ, WRITE, MANAGE, CO-OWNER}

    Object ---- {[fn ft] fp:fs.[dir1[.dir2[...dir8]]][.]}
    ------------
    {fn ft }

--


Purpose

Use the ADD command to add a rule governing Object to the SafeSFS rules database. The rule becomes effective immediately.

Authorization

MANAGE authorization over the rule file to which the rule will be added or SAFADMIN authorization. SAFADMIN authorization is required to add rules to the SAFESFS MANAGE rule file.

Parameters

RuleFT :

The file type of the rule file to be updated. It must be one of the following:

    ADMIN

Specifies the GLOBAL ADMIN rule file.

   

    GRPADMIN

Specifies the acigroup GRPADMIN rule file, where acigroup is the fs specification in Object. Requires the ACIGROUP option.

   

    USRADMIN

Specifies the userid USRADMIN rule file, where userid is the fs specified in Object. The ACIGROUP option is invalid.

   

    USRDFLT

Specifies the userid USRDFLT rule file, where userid is the fs specified in Object. The ACIGROUP option is invalid.

   

    GRPDFLT

Specifies the acigroup GRPDFLT rule file, where acigroup is the fs specification in Object. Requires the ACIGROUP option.

   

    DEFAULT

Specifies the GLOBAL DEFAULT rule file.

   

    MANAGE

Specifies the SAFESFS MANAGE rule file. Requires SAFADMIN authorization.


RuleType:

    ACCEPT

A keyword specifying the type of access given to the requestor.

   

    REJECT

A keyword specifying the type of access given to the requestor. REJECT cannot be used with MANAGE.


Requestor:

    USER ReqUser

Specifies the requesting userid. Trailing pattern matching may be specified. The keyword USER is optional and may be omitted.

   

    ACIGROUP ReqGroup

Specifies the name of an acigroup that requesting users are members of. Trailing pattern matching may be specified.


Action:

    READ

Indicates "READ" access to Object.

   

    WRITE

Indicates "WRITE" and "READ" access to Object

   

    CO-OWNER

Indicates "WRITE" and "READ" access to Object and authorization to update the Object USRDFLT rule file. Co-owner authorization is similar to ownership of the SFS filespace.

   

    MANAGE

Allows updates of the specified rule file. MANAGE cannot be used with REJECT.


Object:

Specifies the object that the rule affects. Object is one of:

-
SFSObject:
--
[fn ft] fp:fs.[dir1[.dir2[...dir8][.]]]

    fn

1 to 8 character pattern matched file name. File type is required if file name is specified.

    ft

1 to 8 character pattern matched file type. File name is required if file type is specified.

    fp

1 to 8 character pattern matched file pool name. Default is `*:'.

    fs

1 to 8 character pattern matched file space name.

    dir1...dir8

Each directory specified is a 1 to 16 character pattern matched directory name.


Rule Fileid: Only valid for rules with an action and RuleFt of MANAGE

    fn

1 to 8 character pattern matched file name.

    ft

Must be specified as one of: ADMIN, GRPADMIN, USRADMIN, USRDFLT, GRPDFLT, DEFAULT, or MANAGE


Options

    MIXED

Indicates that the filename and filetype specified in the SFS Object contain mixed case characters and should not be upper cased by SafeSFS.

   

    ACIGROUP

Indicates that the fs specified in Object is an acigroup, not a file space. fs in Object indicates all members of the matching acigroup.


Return Codes

Return Code

Meaning

0

Rule added

4

Not authorized.

8

Command failed. Rule not added.

110

Rule being added is a duplicate of an existing rule. Rule is not added.

113

Invalid parameter.

114

Invalid option.

115

Invalid rule file type.

116

Invalid rule file name.

118

Missing rule object filespace.

119

Invalid rule object file space.

120

Invalid rule object file name.

121

Invalid rule object directory.

122

Invalid rule object file pool.

123

Invalid rule object file type.

124

Missing rule.

125

Missing parameter requestor type.

127

Invalid object for action Manage.

128

Conflicting rule file name and file space name.

143

Missing parameter file type.

144

Option ACIGROUP must be specified.

145

REJECT may not be used with MANGE.

147

Invalid action for rule file specified.


Usage Notes

  1. fp:fs. in the SFS object, is required. The period following the filespace is also required. All other tokens of the SFS object are optional. If directories are specified, they must be preceded by a period. The period following the last directory is optional. Trailing pattern matching may be used by specifying an *.



Examples
  1. SAFESFS ADD ADMIN ACCEPT JOHN WRITE *:*.
    This command adds a rule allowing user JOHN to WRITE all file spaces in all file pools. The rule is added to the GLOBAL ADMIN rule file.


  2. SAFESFS ADD MANAGE ACCEPT JOHN MANAGE GLOBAL ADMIN
    This command adds a rule allowing user JOHN to MANAGE the GLOBAL ADMIN rule file. The rule is added to the SAFESFS MANAGE rule file.


  3. SAFESFS ADD ADMIN ACCEPT ACIGROUP SYSTEMS WRITE *:*.
    This command adds a rule allowing members of acigroup SYSTEMS to WRITE all file spaces in all file pools. The rule is added to the GLOBAL ADMIN rule file.


Previous PageTable Of ContentsNext Page