All objects are assigned a domain attribute when they are created.
A domain is a characteristic of an object that controls how programs can access the object. Once set, the domain remains in effect for the life of the object. The two possible attributes are system and user.
Most object types on the system are created in system domain. When you run your system at security level 40 or 50, system domain objects can be accessed only by using the commands and callable APIs provided.
These object types can be either system or user domain. The list includes the symbolic object type.
Objects of the type *USRSPC, *USRIDX, and *USRQ in the user domain can be manipulated directly by MI instructions without using the system-provided APIs and commands.
Prior to Version 2 Release 3 Modification 0, all user objects were created into the user domain. Starting in Version 2 Release 3 Modification 0, user objects can exist in either the user domain or the system domain. The allow user domain (QALWUSRDMN) system value determines which libraries can contain user-domain user objects. The default QALWUSRDMN system value is set to *ALL, but can be changed by system administrators on individual machines to be one library or a list of libraries. If your application requires direct pointer access to user-domain user objects in a library that is not specified in the QALWUSRDMN value, your system administrator can add the library to the system value.
The ability to create user domain objects on a system with a security level 40 or 50 is controlled by the allow user domain (QALWUSRDMN) system value. See the User queue domain table in the description of the Create User Queue (QUSCRTUQ) API for more information.
For more information about C2 security, refer to the Guide to Enabling C2 Security book, SC41-0103.