Defining an object domain: SECDOBJ

This section describes how to configure access management when not using Central Governance.

This optional command is used to define a domain for a Transfer CFT object or a group of objects to which the same type of privileges are assigned.

If there are no instances of the master object, the object and the master object are one and the same. In this case, security categories are defined from basic actions.

Syntax

SECDOBJ
     MODE     =     {REPLACE | CREATE | DELETE},
     ID          =     identifier,
     OBJECT     =     (ALL | object, object, ..., object),
     VALUE     =     {* | (value, value, ..., value)}

Description

Use the SECDOBJ command to define a domain for a Transfer CFT object, or a group of objects, to which the same type of privileges are assigned.

Parameters

ID     = identifier

Identifier of the object domain.

This identifier must be unique. You cannot use the same ID with multiple SECDOBJ commands.

MODE     = {REPLACE | CREATE | DELETE}

Operation to be carried out.

  • REPLACE: modifies one or more records, or creates them if they do not exist
  • CREATE: creates one or more records
  • DELETE: deletes one or more records

OBJECT     = (ALL | object, object, ..., object)

Selection that covers:

  • either all the master objects in the dictionary (ALL)
  • or an explicit list of master object values (up to 20)

The object dictionary is predefined and is not user-modifiable. Each specified master object must exist in the dictionary.

The * and ? wildcard characters cannot be used when specifying objects.

VALUE     = {* | (value, value, ..., value)}

Selection that covers:

  • either all objects (*)
  • or an explicit list of object values (up to 20)

This parameter is only meaningful for master objects with instances.

The values are applied globally to the master object domain defined by the OBJECT parameter. Consequently, the domain must be consistent in terms of its values.

The * and ? wildcard characters may be used.

Example

SECDOBJ     ID     =     DPART,
     MODE     =     REPLACE,
     OBJECT     =     CFTPART,
     VALUE     =     P1*

The object domain, called DPART, designates all CFTPART-type objects, the name of which starts with P1.

 

Related Links