Secure

PURPOSE:  The SECURE command assigns or changes security for individual objects individual objects security in a Data Base Library (DBL).

SYNTAX

Assigning DBL object security:

SECURE secured_object_type secured_object_name PASSWORD IS {password;TERMINAL} [PRIVILEGE/S/ {ARE; IS} privilege_list]

Changing DBL object security:

SECURE secured_object_type secured_object_name ([CHANGE PASSWORD TO {password; TERMINAL} [FROM {password; TERMINAL}] ]; [CHANGE PRIVILEGE/S/ TO privilege_list])

secured_object_type

could be one of the following:

GS - Global Storage

SD - Schema Definition

DS - Data Set

ID - Index Definition

DI - Data Index

CM - Command Module

PM - Process Module

SI - System Information

secured_object_name

is the name of the object for which security is being assigned or changed.

password

must be a quoted string if it contains spaces.  The password itself is not stored.  Instead a password key will be derived from the password and stored to identify when the correct password is entered.

TERMINAL

will cause ACCENT R to prompt for the password from the terminal after validating the rest of the command.  ACCENT R will prompt for the password twice, once to read it and once to confirm it.  The password does not echo if the TERMINAL option is used.

PRIVILEGES

The PRIVILEGES clause specifies the operations allowed on this secured object.  If this clause is not specified then all privileges will be assigned.  Multiple privileges may be entered for an object if they are separated by commas. Selective privileges can only be assigned for  individual  objects when:

  1.  Data Base Administrator (DBA) or DBL security has been assigned.

  2.  The PERMIT DBA or PERMIT PASSWORD command has been entered before the selective privileges are assigned with the SECURE command.

Valid privileges are:

READ - records

UPDATE - records

REMOVE - DBL objects

RENAME - DBL objects

COPY - DBL objects

EXECUTE - Command Modules (CM) and Process Modules (PM)

ALTER - security

CHANGE PRIVILEGE

causes ACCENT R to check for security that has already been assigned and assumes it is being changed.

CHANGE PASSWORD

causes ACCENT R  to check for an existing object password that will be changed.  If the object password has been previously entered with the PERMIT PASSWORD command, then the FROM clause is not needed.  Also, if the DBL password or if DBA authorization previously entered was set with the PERMIT DBA command, then the FROM clause is not needed.  This allows the altering  of object passwords from the DBA or DBL level without knowing the old object password. The FROM clause and TO clause can be reversed.

Example

Assume that a new DS that contains proposed salary increases has been added to the system.  Everyone who has access to the other objects in the DBL should not have access to the new DS.
Protect it by assigning additional security to it as follows (starting from the beginning of a session):
*PERMIT PASSWORD IS NEWPASS<CR>
*USE DBL BOOKS<CR>
*SECURE DS AUTHORS PASSWORD IS BIGNAMES<CR>

Enter the following commands to use the DS:

*PERMIT PASSWORD IS BIGNAMES<CR>

*USE DS AUTHORS<CR>

The PERMIT PASSWORD command must be entered before using an object or ACCENT R will not allow it to be accessed.

Assume that a CM and a PM have been written.  To protect the modules from being changed yet allow other users to execute them, enter the following:

*USE DBL BOOKS
*PERMIT PASSWORD IS NEWPASS
*SECURE CM REVIEWADV PASSWORD IS PAYADV PRIVILEGE IS EXECUTE
*SECURE PM REVIEWADV PASSWORD IS PAYADV PRIVILEGE IS EXECUTE

A user must enter the following to execute the CM or PM:

*USE DBL BOOKS
*PERMIT PASSWORD IS PAYADV
*USE CM REVIEWADV
Or
*USE PM REVIEWADV

Note:  It is not necessary to enter the DBL password.

NOTES:  If copying a DBL object that has been assigned security, then the new object will have the same security assigned to it.