How do we implement passwords in UFO?
Article ID: 11418
Updated On:
Products
Issue/Introduction
How do we implement Passwords in UFO?
Environment
Release: ESBUFO99000-3.2-Extended Support Basic-for UFO
Component:
Resolution
Each UFO component may be assigned a display password (DPW) and/or altered password (APW). The display password restricts/allows users to modify or execute certain components while the alter password restricts/allows users from using the CA UFO auto access feature.
How to Set Up Advantage UFO Security
To set up passwords for UFO ACB components, the UFO UFOASCTY utility is used. To set up passwords for UFO DD components, the UFODSCTY is used. Each ACB or DD can be assigned a display password and/or an alter password.
UFOASCTY
In this example, we are going to put a display password and alter the password on the ACB called UFOEDIT. From a clear screen enter UFO ASCTY. The following screen will be displayed:
UFOASCTY REVIEW/UPDATE/SET ACB SECURITY CODES
FUNCTION--> *
DISPLAY DISPLAY ALTER ---------- SECURITY ----------
NAME PASSWORD PASSWORD HEX BIT
UFODD 000000 00000000 00000000 00000000
UFOEDD 000000 00000000 00000000 00000000
UFOEDIT 000000 00000000 00000000 00000000
UFOKMENU 000000 00000000 00000000 00000000
UFOMAINT 000000 00000000 00000000 00000000
UFOMENU 000000 00000000 00000000 00000000
UFOMNTBM 000000 00000000 00000000 00000000
UFOMNTLD 000000 00000000 00000000 00000000
UFORUN 000000 00000000 00000000 00000000
UFOSTAGE 000000 00000000 00000000 00000000
UFOXDDS 000000 00000000 00000000 00000000
Once the UFOASCTY screen is displayed, move the cursor to the name of the component whose password you want to change. If the initial screen does not contain the component that you want to change, just overtype the first entry with the desired component name and hit enter. UFO will reposition the component name display alphabetically starting with your entry.
To set or change the password, type the display password in the DISPLAY PASSWORD column, and the alter password (if any) in the ALTER PASSWORD column to the right of the component name.
When you have finished making changes, perform an update by pressing <PF1> or by typing a U in the FUNCTION field, and pressing enter. Any number of passwords can be changed at one time.
UFOASCTY REVIEW/UPDATE/SET ACB SECURITY CODES
FUNCTION--> *
DISPLAY DISPLAY ALTER ---------- SECURITY ----------
NAME PASSWORD PASSWORD HEX BIT
UFODD 000000 00000000 00000000 00000000
UFOEDD 000000 00000000 00000000 00000000
UFOEDIT PSWD1 PSWD2 000000 00000000 00000000 00000000
UFOKMENU 000000 00000000 00000000 00000000
UFOMAINT 000000 00000000 00000000 00000000
UFOMENU 000000 00000000 00000000 00000000
UFOMNTBM 000000 00000000 00000000 00000000
UFOMNTLD 000000 00000000 00000000 00000000
UFORUN 000000 00000000 00000000 00000000
UFOSTAGE 000000 00000000 00000000 00000000
UFOXDDS 000000 00000000 00000000 00000000
UFODSCTY
UFODSCTY execution and display is similar to UFOASCTY.
Note:
Disregard the SECURITY BIT columns that show in the UFOASTCY and UFODSCTY display. The security bits of UFOASCTY and UFODSCY are no longer available because CICS Transaction Server (CTS) has eliminated the SNT (Signon Table).
SECURE=YES
CA UFO security is activated via the UFO INIT table (macro UFMAINIT, load module/phase UFLAIN32) parameter SECURE=YES. You must assure that the UFO INIT table has been assembled and link edited with SECURE=YES to trigger the use of the component passwords. The UFOINTSE utility will display the SECURE=value. Below is the UFOINSTE display showing that security has been turned on:
UFOINTSE UFO/INIT MAINTENANCE UTILITY Function-> *
-*- REVIEW/UPDATE SECURITY and ACCOUNTING PARAMETERS -*-
CNTRLPW= System control password
DICTPRC= Security procedure for DDS
PROCPRC= Security procedure for PDS
SECURE= Y CICS security support
SECEXIT= * EXTERNAL SECURITY EXIT NAME
SIGNON= 0 Signon level
ACCEXIT= External accounting exit name
Note: The SECURE value can be changed and updated via UFO INTSE, but the updated setting is only temporary for the current CICS session.
How does Advantage UFO Security Work?
Once the passwords have been set and SECURE=YES has been activated, the user will be required to enter the password when accessing the UFO component or when executing the UFO application. When executing the application from the initial entry, the password must be entered as part of the initial entry command. For example, suppose the Advantage UFO application called PROG1 had a display password of DPW1. The user would enter the following from a clear screen to execute the application:
UFO EXEC PROG1 DPW1
If UFO had detected a password mismatch then the initial UFO menu would be displayed along with the MS10 error message:
Welcome to the UFO application development system on 01/07/05 at 12:51:21.1
UUU UUU FFFFFFFFFFFFF OOOOOOOOOOOOO
UUU UUU FFFFFFFFFFFFF OOOOOOOOOOOOO
UUU UUU FFF OOO OOO
UUU UUU FFFFFFF OOO OOO
UUU UUU FFFFFFF OOO OOO
UUU UUU FFF OOO OOO
UUUUUUUUUUUUUU FFF OOOOOOOOOOOOO
UUUUUUUUUUUUUU FFF OOOOOOOOOOOOO
**** RELEASE 3.2.0 ****
COPYRIGHT On-Line Software International, Inc. 1990, ALL RIGHTS RESERVED.
_ 1. UFOD Development system menu 4. UFOSS Service system menu
2. UFOS Security system menu 5. UFOEI Executive inquiry menu
3. UFOP Page system menu
Appl--> ________ Key--> ________________ Dpw--> Apw-->
MS10 PROG1 is password protected against unauthorized access
Command ==> ________
PF1=Help PF3=Exit PF12=Cancel
If the application had an alter password (Apw), then the user is required to enter both the display password (Dpw) and alter password (Apw). If the display password is correct but the alter password does not match, the application will still execute but the automatic access update/add function will not be available for use. Please keep in mind that alter passwords only affect the application automatic functions and not the programmed access.
If a password-protected application invokes additional ACBs or DDs under program access control (using the /NEWSCR keyword, for example), it is the application's responsibility to ensure that the additional ACBs and DDs either have no password at all, or have exactly the same password as the first ACB or DD.
If different sets of passwords are defined for the ACB and the DD, the ACB password must be used to execute the application.
Caution: If passwords are defined for the DD but not for the ACB, the application can be invoked through the ACB without supplying passwords.
Also, if you are going to utilize the UFO Security System, it is recommended that you protect the UFO Security System utilities themselves. They are:
- UFOS (the menu)
- UFOASCTY
- UFODSCTY
Additional Information
For more information about CA UFO security, refer to the publication CA UFO Customization and Operation Guide Sections 2 & 12.
Feedback
