Attributes 5 and 6 of file-defining items can contain retrieval and update lock codes respectively. These codes are used to restrict access to certain data files and master dictionaries. Lock codes are sets of characters used as codes. Multiple lock codes are separated by value marks. The first lock code (retrieval or update) in a master dictionary or file dictionary must be matched in attribute 6 (key) of the user’s item in the users file to allow access to the file or master dictionary. If the lock code does not match, access is denied.
Locks can be placed at any file pointer level, system, master dictionary, or dictionary. The system pointer controls access to a master dictionary; the master dictionary pointer controls a file dictionary, and a file dictionary pointer controls the data file.
In this example, a company has four departments; finance, admin, mis, and ops. Each department is maintained in a separate master dictionary. Users remain attached to a specific master dictionary, but must be prevented from using Q-pointers or path names to access files on any other master dictionary.
The locks as they display in the system-level D-pointers and the user definitions in the mds file:
| ID: | finance.mstr | admin.mstr | mis.mstr | ops.mstr |
| 001 | d | d | d | d |
| 002 | 67889 | 786554 | 45000 | 23007 |
| 003 | 11 | 27 | 13 | 11 |
| 004 | ||||
| 005 | finance | admin | mis | ops |
| 006 | finance | admin | mis | ops |
| 007 | ||||
| 008 | ||||
| 009 | 1 | 1 | 1 | 1 |
| 010 | 10 | 10 | 10 | 10 |
A few of the users and their lock keys.
| user: | toms | glendaj | sama | carlak | gandalf |
| 006(keys) | admin | finance | mis | ops | admin]mis]ops |
Every user is restricted to those files found on the local master dictionary except for gandalf. He can access files on 3 of the four master dictionaries.
The next example illustrates setting update and retrieval locks for two files on the admin account. The files are called, payroll and reviews. A new category of supervisor is added. The supervisor files are only accessible by users with this key, regardless of the host master dictionary.
On the admin account, these pointers define the dictionaries of the files:
| ID: | payroll | reviews |
| 001 | d | d |
| 002 | 56678 | 344567 |
| 003 | 23 | 13 |
| 004 | ||
| 005 | supervisor | supervisor |
| 006 | supervisor | supervisor |
| 007 | ||
| 008 | ||
| 009 | 1 | 1 |
| 010 | 10 | 10 |
gandalf is now a supervisor:
| user: | gandalf |
| 006(keys) | admin]mis]ops]supervisor |
Now, gandalf can retrieve payroll and reviews but toms is still restricted.