Administer protected objects

Define protected objects that reflect the resources the security policy protects. The name of a protected object can be of any length and contain any character. The forward slash (/) character is interpreted as part of the object hierarchy, which allows ACLs to be attached at the points in the name marked by a forward slash. After creating a protected object, you can specify a security policy for it by defining and attaching ACLs, POPs, authorization rules, or any combination of these entities.

Use caution when implementing protected objects programmatically. In many cases, the protected object hierarchy is manually designed, built, and tested by a security expert. Carefully review the hierarchy to ensure the security policy is correctly enforced. If you choose to build protected object hierarchies programmatically, be sure to test and review the settings for each object before you deploy the security environment.

The following table lists the methods available to administer protected objects.

| Methods | Description |
| --- | --- |
| PDProtObject.attachAcl, PDProtObject object.attachAcl | Attach the specified access control list to the specified protected object. |
| PDProtObject.attachPop, PDProtObject object.attachPop | Attach a POP to the specified protected object. |
| PDProtObject.attachAuthzRule, PDProtObject object.attachAuthzRule | Attach an authorization rule to the specified protected object. |
| PDProtObject.createProtObject | Create an ISAM protected object. |
| PDProtObject.deleteProtObject | Delete the specified protected object. |
| PDProtObject.detachAcl, PDProtObject object.detachAcl | Detach the access control list from the specified protected object. |
| PDProtObject.detachPop, PDProtObject object.detachPop | Detach a POP from the specified protected object. |
| PDProtObject.detachAuthzRule, PDProtObject object.detachAuthzRule | Detach an authorization rule from the specified protected object. |
| PDProtObject constructor | Instantiate the specified protected object. If the protected object name specified does not exist, default values are shown. To determine whether a protected object exists, use PDProtObject.exists. |
| PDProtObject object.getAclId | Get the name of the ACL attached to the specified protected object. |
| PDProtObject object.getEffectiveAclId | Get the name of the ACL in effect for the specified protected object. |
| PDProtObject object.getPopId | Get the name of the POP attached to the specified protected object. |
| PDProtObject object.getEffectivePopId | Get the name of the POP in effect for the specified protected object. |
| PDProtObject object.getAuthzRuleId | Get the name of the authorization rule object attached to the specified protected object. |
| PDProtObject object.getEffectiveAuthzRuleId | Get the name of the authorization rule object that is in effect for the specified protected object. |
| PDProtObject object.getDescription | Get the description of the specified protected object. |
| PDProtObject object.getId | Get the name of the specified protected object. |
| PDProtObject object.isPolicyAttachable | Indicate whether a protected object policy or access control list can be attached to the specified protected object. |
| PDProtObject object.exists | Indicate whether a protected object exists. |
| PDProtObject object.access | Indicate whether a specific action to a specific object is permitted. |
| PDProtObject object.multiAccess | Indicate whether the specified actions to the specified objects are permitted. |
| PDProtObject.listProtObjectsByPop | Return a list of protected objects that have the specified protected object policy (POP) attached. |
| PDProtObject.listProtObjects | Return the protected objects contained under the specified directory. |
| PDProtObject.listProtObjectsByAcl | Return a list of protected objects that have the specified access control list attached. |
| PDProtObject.setDescription, PDProtObject object.setDescription | Set the description field of the specified protected object. |
| PDProtObject.setPolicyAttachable, PDProtObject object.setPolicyAttachable | Set whether a protected object policy or access control list can be attached to the specified protected object. |
| PDProtObject.listProtObjectsByAuthzRule | List the protected objects that have the specified authorization rule attached. |
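
The gap between the ACL attached to an object (getAclId) and the ACL in effect for it (getEffectiveAclId) is what a review of a programmatically built hierarchy has to check. The following added example is a stand-alone Python model, not IBM's code and not a call into the PDProtObject API; it assumes an object without its own ACL takes the ACL of its nearest ancestor that has one, and all object and ACL names are constructed.

```python
# Stand-alone model of a protected object space; it does not call the ISAM API.
# Assumption: an object with no attached ACL uses its nearest ancestor's ACL.

def ancestors(name):
    """Yield name, then each parent level up to the root '/'."""
    while True:
        yield name
        if name == "/":
            return
        name = name.rpartition("/")[0] or "/"

def effective_acl(attached, name):
    """Return (acl, source): the ACL in effect and the object it is attached to."""
    for node in ancestors(name):
        if node in attached:
            return attached[node], node
    return None, None

def review(attached, objects, expected):
    """Return every object whose effective ACL differs from the reviewed baseline."""
    findings = []
    for name in sorted(objects):
        acl, source = effective_acl(attached, name)
        want = expected.get(name)
        if acl != want:
            findings.append((name, want, acl, source))
    return findings

# Constructed sample: explicit attachments made by a hypothetical provisioning script.
ATTACHED = {
    "/": "default-root",
    "/apps/payroll": "payroll-staff",
    "/apps/payroll/admin": "payroll-admins",
}
# Objects the script created; the last one was built under a mistyped path.
OBJECTS = ["/apps", "/apps/payroll", "/apps/payroll/reports",
           "/apps/payroll/admin", "/apps/payroll-admin/export"]
# Effective ACL the reviewer signed off on for each object.
EXPECTED = {
    "/apps": "default-root",
    "/apps/payroll": "payroll-staff",
    "/apps/payroll/reports": "payroll-staff",
    "/apps/payroll/admin": "payroll-admins",
    "/apps/payroll-admin/export": "payroll-admins",
}

if __name__ == "__main__":
    for name, want, got, source in review(ATTACHED, OBJECTS, EXPECTED):
        print(f"{name}: expected {want}, effective {got} (attached at {source})")
```

The mistyped path has no ACL attached anywhere along its own branch, so it silently falls back to the root ACL; only a per-object comparison of effective ACLs surfaces it.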
