PASSWORD processes file passwords and LOGON passwords.

File passwords protect files against

• unauthorized writing (write password, WRITE-PASSWORD operand of /MODIFY-FILE-ATTRIBUTES)

• unauthorized reading (read password, READ-PASSWORD operand of /MODIFY-FILE-ATTRIBUTES)

• unauthorized execution in the case of program and procedure files (execute password, EXEC-PASSWORD operand of /MODIFY-FILE-ATTRIBUTES).

The power of these file passwords is weighted with respect to access. Write passwords are the most powerful, read passwords the next most powerful, then execute passwords. A less powerful password does not have to be specified explicitly if a more powerful one has already been specified.

File passwords are defined for one or more files. A check is made for the presence of the correct passwords prior to execution of the system commands /START-EXECUTABLE-PROGRAM, /LOAD-EXECUTABLE-PROGRAM, /MODIFY-FILE-ATTRIBUTES, /DELETE-FILE, /CREATE-FILE, /ADD-FILE-LINK, /COPY-FILE, /SHOW-FILE, and also at file opening.

To avoid repeated specification of file passwords for system commands, the password can be written to the password table during task execution. This table is then searched for the appropriate password whenever a password-protected file is to be processed.

The LOGON password is a password that must be entered with /SET-LOGON-PARAMETERS in order to ensure that only authorized users may work under a particular user ID.

LOGON passwords contained in ENTER jobs are evaluated only if the ENTER job was called from a console. Otherwise all LOGON operands specified in the ENTER job, including the LOGON password, are ignored.

Format conventions for passwords

File passwords and job variable passwords must not exceed 4 bytes in length. They are represented in the following format: