search cancel

Query on security parm - SAFUID and the PASSWORD keyword

book

Article ID: 242667

calendar_today

Updated On:

Products

Spool

Issue/Introduction

Parameter 'PASSWORD=ESF' - Is that a mandatory ? Can that be masked ?

SAFUID *,LABEL=GRP1,DGROUP=1,PASSWORD=ESF
SAFUID USER1,LABEL=GRP1X,DGROUP=1,PASSWORD=ESF
SAFUID USER2,LABEL=GRP1X,DGROUP=1,PASSWORD=ESF




Environment

Release : 14.0

Component : Spool

Resolution

The PASSWORD keyword is not mandatory. If using internal security and omitting the PASSWORD would allow the user to logon to the Spool menu without any passwords. We recommend using external security or a mix of internal and external security what would make Spool to validate the password against the external security package installed on the system.

There is no way to mask the passwords in the ESFPARM. If still using internal security an alternative can be to put the SAFUID statements in a separate dataset protected by the external security package (ACF2, TSS or RACF). 

 

Additional Information

Reference the SAFUID statement where the PASSWORD keyword is define:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/traditional-management/ca-spool/14-0/initialization-options/safuid.html