Add password to password table for job
Component: | BS2000 |
Functional area: | File processing |
Domain: | FILE |
Privileges: | STD-PROCESSING |
Routing code: | $ (with NBCONOPI=N) or E (with NBCONOPI=Y) |
Function
The ADD-PASSWORD command supplies a job with the passwords needed to access password-protected files and job variables. A password table is created for the job, and the specified passwords are entered into it. When a protected file or job variable is to be accessed, the system searches the password table for the required password. If the appropriate password is found, access is granted.
In commands which access files or job variables, the required password can be specified directly with the command in some cases (e.g. when deleting files or job variables, starting up programs, etc.). Entering the correct password, however, will only enable single access during command execution. In programs the password can also be specified in the file control block (FCB).
The password table is deleted when the job terminates. Individual entries or all entries in it can be optionally deleted from the table before the job ends by using the REMOVE-PASSWORD command.
Note
Only one entry is created in the password table of the job for each password. In other words, if an ADD-PASSWORD command is issued for a password that already exists in the password table, no new entry will be created in the password table. Existing entries can be deleted with the REMOVE-PASSWORD command. Additional REMOVE-PASSWORD commands for deleted passwords are rejected.
In outputs such as job logs, the passwords are not shown in plain text. Where a password has been specified, it is represented by the letter ‘P’.
Protection by password can be extended by internal encoding of the passwords, carried out by the system. They then only appear in coded form in memory dumps, for example. Password encoding is set up by the system parameter ENCRYPT.
Password protection for files is dealt with in the “Introductory Guide to DMS” [13]; for details of password protection for job variables, see the “Job Variables” [20] manual.
REMOTE-FILE-ACCESS
The command ADD-PASSWORD is automatically passed on by the requesting job to all processes participating in RFA (see the “RFA” manual [31]).
Format
ADD-PASSWORD | Alias: ADPW |
PASSWORD = *SECRET / list-poss(63): <x-string 1..8> / <c-string 1..4> / <integer -2147483648..2147483647> |
Operands
PASSWORD = *SECRET / list-poss(63): <x-string 1..8> / <c-string 1..4> / <integer -2147483648..2147483647>
Passwords which are to be entered into the password table. A maximum of 63 passwords may be specified by one ADD-PASSWORD command.
The operand has the following special characteristics:
The input field is automatically blanked out in the guided dialog.
In unguided dialog and foreground procedures, when *SECRET or ^ is entered, SDF provides a blanked-out input field for entering the password.
The password entered is not logged.
Return codes
| (SC2) | SC1 | Maincode | Meaning |
|---|---|---|---|
|  | 0 | CMD0001 | Command executed |
|  | 1 | CMD0202 | Syntactical or semantic error in command |
|  | 32 | DMS0584 | A state that does not allow the function to continue was reported during processing |
|  | 64 | DMS0691 | Password table at maximum size |
|  | 64 | DMS0692 | Maximum number of passwords per task reached |
|  | 64 | DMS06FF | BCAM connection severed |
|  | 130 | DMS0585 | Error detected during catalog processing or multihost processing |
|  | 130 | DMS0594 | Not enough virtual memory available |
The following applies to the specification of passwords:
A file can be protected against read access, write access or execute access by three different passwords. Changes to the catalog entry and deletion of the file are classified as write accesses. This also applies to job variables, but only for read and write access, i.e. only a read password and write password are possible.
The table below shows the possible combinations of password protection, and which passwords are required for any particular type of access:
| Password protection | Password specified | Permitted access type |
|---|---|---|
| EXEC-PASSWORD | None specified | No access |
|  | Execution password | Execute |
| READ-PASSWORD | None specified | Execute *) |
|  | Read password | Execute |
| WRITE-PASSWORD | None specified | Execute |
|  | Write password | Execute |
| EXEC-PASSWORD | None specified | No access |
|  | Execution password | Execute *) |
|  | Read password | Execute |
|  | Write password | Execute |
| EXEC-PASSWORD | None specified | No access |
|  | Execution password | Execute *) |
|  | Read password | Execute |
| EXEC-PASSWORD | None specified | No access |
|  | Execution password | Execute |
|  | Write password | Execute |
| READ-PASSWORD | None specified | Execute *) |
|  | Read password | Execute |
|  | Write password | Execute |
Example
Accessing files with read, write, and execute passwords
/mod-file-attr proc.mini.1,prot=(read-pass='john',
write-pass='paul',exec-pass='maxi') ————————— (1)
/call-proc proc.mini.1,log=*yes ———————————————————————————————————————————— (2)
% SDP0094 CONTAINER NOT ACCESSIBLE
% SDP0093 ERROR DURING ACCESS OF FILE/LIBRARY ':2OSG:$USERXY01.PROC.MINI.1', ERROR 'DMS0D91'. MORE INFORMATION: /HELP-MSG DMS0D91
% SDP0094 CONTAINER NOT ACCESSIBLE
/add-pass 'maxi' ———————————————————————————————————————————————————————————— (3)
/call-proc proc.mini.1,log=*yes ————————————————————————————————————————————— (4)
% SDP0224 LOGGING SUPPRESSED; CONTAINER ':2OSG:$USERXY01.PROC.MINI.1' IS READ PROTECTED
** The time now is: 15:33:54 **
/print-doc proc.mini.1 ————————————————————————————————————————————————————— (5)
% SCP0860 FILE ':2OSG:$USERXY01.PROC.MINI.1' PROTECTED BY A READ OR EXEC PASSWORD. COMMAND REJECTED
/rem-pass 'maxi' ——————————————————————————————————————————————————————————— (6)
/add-pass 'john' ——————————————————————————————————————————————————————————— (7)
/call-proc proc.mini.1,log=*yes ———————————————————————————————————————————— (8)
% 1 1 /WRITE-TEXT '** The time now is: 15:35:45 **'
** The time now is: 15:35:45 **
% 1 /EXIT-PROCEDURE ERROR=*NO
/mod-f-attr proc.mini.1,proc.mini.2 ———————————————————————————————————————— (9)
% DMS0681 DMS ERROR '05CF' WHEN ACCESSING FILE':2OSG:$USERXY01.PROC.MINI.1'. FOR FURTHER INFORMATION: /HELP-MSG DMS05CF
/help-msg dms05cf ————————————————————————————————————————————————————————— (10)
% DMS05CF FILE PROTECTED BY (CRYPTO)PASSWORD. ADD REQUIRED (CRYPTO)PASSWORD AND REENTER COMMAND
% ? The user tried to modify the catalog entry of a file that is
% protected by a (crypto)password, but the required (crypto)password
% has not yet been added to the (crypto)password table of the task.
% ! Add (crypto)password to the (crypto)password table
% (command ADD-(CRYPTO-)PASSWORD) and reenter command.
/rem-pass 'john' —————————————————————————————————————————————————————————— (11)
/add-pass 'paul' —————————————————————————————————————————————————————————— (12)
/mod-f-attr proc.mini.1,proc.mini.2 ——————————————————————————————————————— (13)
/call-proc proc.mini.2,log=*yes ——————————————————————————————————————————— (14)
% 1 1 /WRITE-TEXT '** The time now is: 15:37:42 **
% 1 /EXIT-PROCEDURE ERROR=*NO
(1) | The file PROC.MINI.1 is protected by the read password JOHN, the write password PAUL, and the execute password MAXI. The file contains an S procedure which outputs the current time to SYSOUT. |
(2) | The procedure PROC.MINI.1 is called. The CALL-PROCEDURE command is rejected, since the required execution password is not contained in the password table of the task. |
(3) | Entry of the execution password MAXI into the password table. |
(4) | The repeated call to the procedure succeeds, but the procedure is not logged on SYSOUT, since the password required for read access is not contained in the password table. |
(5) | The PRINT-DOCUMENT command is also rejected due to the missing read password. |
(6) | The execute password MAXI is deleted from the password table. |
(7) | Entry of the read password JOHN into the password table. |
(8) | The call to the procedure succeeds, and the processing sequence is logged on SYSOUT. The read password provides authorization for reading as well as execution. |
(9) | The file PROC.MINI.1 is to be renamed. The MODIFY-FILE-ATTRIBUTES command is rejected. |
(10) | The HELP-MSG-INFORMATION command returns information on the cause of the error: the password required for write access (to change the catalog entry in this case) is not contained in the password table. |
(11) | The read password JOHN is deleted from the password table. |
(12) | Entry of the write password PAUL into the password table. |
(13) | The file PROC.MINI.1 can now be renamed to PROC.MINI.2 (write access). |
(14) | The call to the procedure under the new name PROC.MINI.2 succeeds, and the processing sequence is logged on SYSOUT. The write password provides authorization for read, write, and execute access. |
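The session above can be replayed against a small Python model of the job's password table. This is an added illustration, not part of the BS2000 manual or of BS2000 itself; the class and function names are hypothetical, and the model covers only the case shown in the example, a file protected by all three passwords.

```python
# Added illustration: toy model of a job's password table (not BS2000 code).
ACCESS_RANK = {"execute": 1, "read": 2, "write": 3}


class PasswordTable:
    """One entry per password; the table lives only as long as the job."""
    MAX_PER_COMMAND = 63

    def __init__(self):
        self.entries = set()

    def add(self, *passwords):
        if len(passwords) > self.MAX_PER_COMMAND:
            raise ValueError("at most 63 passwords per ADD-PASSWORD command")
        self.entries.update(passwords)   # an existing password creates no new entry

    def remove(self, password):
        if password not in self.entries:
            raise KeyError("REMOVE-PASSWORD rejected: password not in table")
        self.entries.remove(password)


class ProtectedFile:
    def __init__(self, read_pw, write_pw, exec_pw):
        # Each password maps to the highest access type it authorizes.
        self.grants = {exec_pw: "execute", read_pw: "read", write_pw: "write"}

    def permits(self, table, access):
        held = [ACCESS_RANK[lvl] for pw, lvl in self.grants.items()
                if pw in table.entries]
        return max(held, default=0) >= ACCESS_RANK[access]


def replay_session():
    """Return {step number: access granted?} for the steps of the example."""
    f = ProtectedFile(read_pw="john", write_pw="paul", exec_pw="maxi")  # (1)
    t, r = PasswordTable(), {}
    r[2] = f.permits(t, "execute")            # no password in the table yet
    t.add("maxi")                             # (3)
    r[4] = f.permits(t, "execute")            # runs, but logging needs read
    r[5] = f.permits(t, "read")               # PRINT-DOCUMENT
    t.remove("maxi"); t.add("john")           # (6), (7)
    r[8] = f.permits(t, "execute") and f.permits(t, "read")
    r[9] = f.permits(t, "write")              # rename is a write access
    t.remove("john"); t.add("paul")           # (11), (12)
    r[13] = f.permits(t, "write")
    r[14] = f.permits(t, "execute") and f.permits(t, "read")
    return r
```

`replay_session()` returns the same grant/reject outcome for each numbered step as the session log shows.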