PURPOSE: The SECURE command assigns or changes security for individual objects individual objects security in a Data Base Library (DBL).
SYNTAX
Assigning DBL object security:
SECURE secured_object_type secured_object_name PASSWORD IS {password;TERMINAL} [PRIVILEGE/S/ {ARE; IS} privilege_list]
Changing DBL object security:
SECURE secured_object_type secured_object_name ([CHANGE PASSWORD TO {password; TERMINAL} [FROM {password; TERMINAL}] ]; [CHANGE PRIVILEGE/S/ TO privilege_list])
|
secured_object_type |
could be one of the following: GS - Global Storage SD - Schema Definition DS - Data Set ID - Index Definition DI - Data Index CM - Command Module PM - Process Module SI - System Information |
|
secured_object_name |
is the name of the object for which security is being assigned or changed. |
|
password |
must be a quoted string if it contains spaces. The password itself is not stored. Instead a password key will be derived from the password and stored to identify when the correct password is entered. |
|
TERMINAL |
will cause ACCENT R to prompt for the password from the terminal after validating the rest of the command. ACCENT R will prompt for the password twice, once to read it and once to confirm it. The password does not echo if the TERMINAL option is used. |
|
The PRIVILEGES clause specifies the operations allowed on this secured object. If this clause is not specified then all privileges will be assigned. Multiple privileges may be entered for an object if they are separated by commas. Selective privileges can only be assigned for individual objects when:
Valid privileges are: READ - records UPDATE - records REMOVE - DBL objects RENAME - DBL objects COPY - DBL objects EXECUTE - Command Modules (CM) and Process Modules (PM) ALTER - security |
|
|
causes ACCENT R to check for security that has already been assigned and assumes it is being changed. |
|
|
causes ACCENT R to check for an existing object password that will be changed. If the object password has been previously entered with the PERMIT PASSWORD command, then the FROM clause is not needed. Also, if the DBL password or if DBA authorization previously entered was set with the PERMIT DBA command, then the FROM clause is not needed. This allows the altering of object passwords from the DBA or DBL level without knowing the old object password. The FROM clause and TO clause can be reversed. |
Example
Assume that a new DS that contains proposed salary increases has been added to the system. Everyone who has access to the other objects in the DBL should not have access to the new DS.Protect it by assigning additional security to it as follows (starting from the beginning of a session):*PERMIT PASSWORD IS NEWPASS<CR>*USE DBL BOOKS<CR>*SECURE DS AUTHORS PASSWORD IS BIGNAMES<CR>Enter the following commands to use the DS:
*PERMIT PASSWORD IS BIGNAMES<CR>
*USE DS AUTHORS<CR>The PERMIT PASSWORD command must be entered before using an object or ACCENT R will not allow it to be accessed.
Assume that a CM and a PM have been written. To protect the modules from being changed yet allow other users to execute them, enter the following:
*USE DBL BOOKS*PERMIT PASSWORD IS NEWPASS*SECURE CM REVIEWADV PASSWORD IS PAYADV PRIVILEGE IS EXECUTE*SECURE PM REVIEWADV PASSWORD IS PAYADV PRIVILEGE IS EXECUTEA user must enter the following to execute the CM or PM:
*USE DBL BOOKS*PERMIT PASSWORD IS PAYADV*USE CM REVIEWADVOr*USE PM REVIEWADVNote: It is not necessary to enter the DBL password.
NOTES: If copying a DBL object that has been assigned security, then the new object will have the same security assigned to it.