Users can protect CALL DML tables from unauthorized access by means of passwords. This functionality is provided by the utility SEPA (see the “Database Operation” manual).

When a table is protected by a password, users must enter the relevant password for each CALL DML statement. When SESAM/SQL analyses the statement, it checks the authorization associated with the password.

The first step is to open a table or section of a table (a logical file) by specifying a valid password in the Open statement. If users fail to specify the correct password within the maximum permitted number of attempts when issuing an Open statement interactively, the system locks them out. Only system administrators can cancel the lock.

Once opened, the table or logical file can be edited using CALL DML statements, provided the same password is specified.
The password governs which data can be accessed and how that data can be accessed. If an attempt is made to access an attribute for which rights have not been granted, SESAM/SQL responds as if the attribute does not exist in the database and rejects the statement with a status code.
CALL DML statements issued with an invalid password are likewise rejected with a status code.

SEPA offers the following functions:

• Executes all maintenance activities on the password catalog:
  change, revoke or reassign access rights.

• Outputs information on all passwords (name, access rights).

Password catalogs for password-protected CALL DML tables are not backed up separately.