When a job wishes to access a file protected by passwords, the password required to permit access must be specified using the ADD-PASSWORD command. The passwords entered in this manner are entered in the password table of the job and do not need to be repeated for each subsequent access to the file.
Passwords are subject to the following hierarchy:
write password
read password
Execute password
The table on "Access to password-protected files" shows which passwords must be entered before the various types of access.
As long as the password required for catalog or file access is stored in the job's password table, it does not need to be entered again before each access to this file or to any other file protected by this password. If the user wishes to restore full password protection, he/she can delete the password from the password table or delete the entire password table via the REMOVE-PASSWORD command.
If a password is not explicitly removed from the password table or the entire password table explicitly deleted by means of the REMOVE-PASSWORD command, then this is done implicitly at the end of the job, since the password table is job-specific.
The table below shows the possible combinations of password protection:
Password protection | Password entered | Execute | Read | Write |
|---|---|---|---|---|
EXEC-PASSWORD | None | -- | -- | -- |
Execute password | X | X | X | |
READ-PASSWORD | None | X*) | -- | -- |
Read password | X | X | X | |
WRITE-PASSWORD | None | X | X | -- |
Write password | X | X | X | |
EXEC-PASSWORD | None | -- | -- | -- |
Execute password | X*) | -- | -- | |
Read password | X | X | -- | |
Write password | X | X | X | |
EXEC-PASSWORD | None | -- | -- | -- |
Execute password | X*) | -- | -- | |
Read password | X | X | X | |
EXEC-PASSWORD | None | -- | -- | -- |
Execute password | X | X | -- | |
Write password | X | X | X | |
READ-PASSWORD | None | X*) | -- | -- |
Read password | X | X | -- | |
Write password | X | X | X |
| X | Access is granted |
| -- | Access is not granted |
| *) | The program code is protected against access by dumps |
Deleting password-protected files
A file protected by a password can be deleted only if write access is enabled by entering the appropriate password (exception: the FREE-FOR-DELETION date has been reached, see "Defining a deletion date"). The password can be added to the password table of the job by means of the ADD-PASSWORD command or it can be specified in the ERASE macro or DELETE-FILE command.
Both the PASSWD operand of the ERASE macro and the PASSWORDS-TO-IGNORE operand of the DELETE-FILE command permit input of a password which is valid only for this macro or command and is not entered in the password table. In this way, full access protection is maintained for all other files protected by the same password which are not affected by the deletion operation.