PURPOSE: The SECURE DBA command assigns or changes security at the Data Base Administrator (DBA) level.
SYNTAX
For assigning DBA security:
SECURE DBA secured_dbl_name PASSWORD IS {password; TERMINAL} [REQUIRE min_pass_req OF max_pass_allowed]
For changing DBA security:
SECURE DBA secured_dbl_name ([CHANGE PASSWORD TO {password; TERMINAL} FROM {password; TERMINAL}]; [CHANGE REQUIRE min_pass_req OF max_pass_allowed])
|
secured_dbl_name |
is the name of the Data Base Library (DBL) for which DBA security is being assigned or changed. Specify the name of the currently declared DBL. This ensures that the correct DBL is being used for assigning security. |
|
password |
must be a quoted string if it contains spaces. The password itself is not stored. Instead a password key will be derived from the password and stored to identify when the correct password is entered. |
|
TERMINAL |
will cause ACCENT R to prompt for the password from the terminal after validating the rest of the command. ACCENT R will prompt for the password twice, once to read it and once to confirm it. The password does not echo if the TERMINAL option is used. |
|
REQUIRE |
specifies the number of DBA passwords that must be entered to set DBA authorization. If min_pass_req is set higher than one, at least two people can be forced to be present in order to make security changes. |
|
OF |
specifies the total number of DBA passwords (up to 10) that are to be set up for the DBL. If this clause is used then the PASSWORD clause is required also. If this clause is not specified when DBA security is assigned then ACCENT R defaults to 1. |
|
CHANGE REQUIRE |
indicates that the existing minimum-required and maximum-allowed numbers will be changed. |
Example
It is recommended that DBA security be assigned to the DBL first, and that more than one DBA be assigned. In this example a maximum of six DBA passwords are assigned and at least two of the six DBA passwords must be entered with the PERMIT DBA command to set DBA authorization.
*USE DBL BOOKS*SECURE DBA BOOKS PASSWORD IS FIRSTDBAPASS REQUIRE 2 OF 6*SECURE DBA BOOKS PASSWORD IS SECONDDBAPASS*SECURE DBA BOOKS PASSWORD IS THIRDDBAPASS*SECURE DBA BOOKS PASSWORD IS FOURTHDBAPASS*SECURE DBA BOOKS PASSWORD IS FIFTHDBAPASS*SECURE DBA BOOKS PASSWORD IS SIXTHDBAPASSEach DBA should enter a password of their choice. The DBA passwords can be entered all at the same time or at different times. To add a third password requires at least two others to be declared.
A password can be changed at any time with the following command:
*SECURE DBA BOOKS CHANGE PASSWORD TO MYNEWPASSWORD FROM SECONDDBAPASSThe old password must be entered because there may be multiple passwords assigned (up to ten) and ACCENT R needs to know the specific one to change.
The minimum number of DBA passwords required can be changed, but the maximum number allowed cannot be reduced after all the passwords have been entered.
*SECURE DBA BOOKS CHANGE REQUIRE 3 OF 6*SECURE DBA BOOKS CHANGE REQUIRE 2 OF 6*SECURE DBA BOOKS CHANGE REQUIRE 1 OF 5Error: the number of DBA’s is being reduced below the number assigned.Command aborted.The last SECURE command caused an error because the user attempted to reduce the maximum number of passwords allowed and six passwords have already been entered.
NOTES: The CHANGE REQUIRE clause cannot set max_pass_allowed below min_pass_req. Furthermore, max_pass_allowed cannot be reduced below the number of passwords that have been assigned through the PASSWORD IS clause.
When assigning DBA security only one password can be specified at a time. Once the first password is assigned, another password can be entered with a subsequent SECURE DBA command. The first password will identify a user as an authorized DBA and allows the others to be entered. In a subsequent session, additional passwords can be entered after entering the current passwords using the PERMIT DBA command.
Thereafter, the minimum number of passwords must be entered to set DBA authorization. The secure DBA change option can be used to make changes to the minimum number required or the total allowed. It is necessary to enter the current DBA passwords through the PERMIT DBA command to make the changes.
After the required number of passwords have been entered using the PERMIT DBA command, access is available to all objects in the DBL with all privileges.