PURPOSE: The SECURE DBL command assigns or changes security for the Data Base Library (DBL) level.
Assigning DBL security:
SECURE DBL secured_dbl_name PASSWORD IS {password; TERMINAL} [PRIVILEGE/S/
{ARE; IS} privilege_list] [ACCESS {ALL; NO} ITEMS]
Changing DBL security:
SECURE DBL secured_dbl_name ([CHANGE PASSWORD TO {password; TERMINAL} [FROM
{password; TERMINAL}] ] ;[CHANGE PRIVILEGE/S/ TO privilege_list] ;[CHANGE ACCESS {ALL; NO} ITEMS] )
secured_dbl_name |
is the DBL name for which security is being assigned or changed. |
password |
must be a quoted string if it contains spaces. The password itself is not stored. Instead a password key will be derived from the password and stored to identify when the correct password is entered. |
TERMINAL |
will cause ACCENT R to prompt for the password from the terminal after validating the rest of the command. ACCENT R will prompt for the password twice, once to read it and once to confirm it. The password does not echo if the TERMINAL option is used. |
indicates an existing DBL password is being changed. The FROM clause is required if DBL access is not already set with the PERMIT command. If Data Base Administrator (DBA) authorization has been set with the PERMIT DBA command, then the FROM clause is not needed. This allows the DBA’s to change passwords without knowing the old DBL password. Note: The FROM and TO clauses can be reversed. |
|
specifies the operations that are allowed in the DBL. If this clause is not specified then all privileges will be assigned. The PRIVILEGES clause is not valid for a DBL unless the DBA security level has been assigned. Multiple privileges may be entered for a DBL if they are separated by commas. Valid privileges are: READ - records UPDATE - records REMOVE - DBL objects RENAME - DBL objects COPY - DBL objects EXECUTE - Command Modules (CM) and Process Modules (PM) ALTER - security |
|
cause ACCENT R to check the security that has already been assigned for the DBL and assumes that they are being changed. |
|
defaults to ACCESS NO ITEMS if not specified. If ACCESS NO ITEMS is specified (by default or explicitly), a user must either enter the DBL password or, if the object is individually protected, a user must enter the object password. If ACCESS ALL ITEMS is specified then the objects can be accessed in the DBL without a password but only with READ, UPDATE and EXECUTE privileges and UPDATE only for Data Indexes (DI) and Data Sets (DS). The user will not be able to REMOVE, RENAME, or COPY objects. In this way a user can access objects in the DBL without entering a password and the objects are protected from being changed or removed. An individual object can still be protected in a DBL even if the ALL option is specified so that a user must enter the password to access it. |
|
indicates the previously set access will be changed. |
A DBL can be protected so that only individuals who know a given password can access it and its objects.
*USE DBL BOOKS
*PERMIT DBA BOOKS PASSWORD IS THIRDDBAPASS
*SECURE DBL BOOKS PASSWORD IS EVERYONEPASS ACCESS NO ITEMS
Now all users of the DBL who know the password have access to all objects in the DBL.
Enter the following commands at the beginning of the session to use the DBL:
*USE DBL BOOKS
*PERMIT PASSWORD IS EVERYONEPASS
NOTE: The PERMIT PASSWORD command can be given before or after entering the USE DBL command. With the other security levels, the user must be identified as an authorized user with a PERMIT command before using the secured object.
Once DBL security has been assigned, DBA security cannot be assigned to the DBL. DBA security must be assigned first if it is going to be used.
Assume that someone has left the company who had been working in BOOKS. The following commands would be used to assign a new password. First enter the old password:
*PERMIT PASSWORD IS EVERYONEPASS
Then, enter the following to assign a new password:
*SECURE DBL BOOKS CHANGE PASSWORD TO NEWPASS