This article will discuss how to implement passwords on UFO components.
How do we implementing Passwords in CA UFO?
Each UFO component may be assigned a display password (Dpw) and/or alter password (Apw). The display password restricts/allows users to modify or execute certain components while the alter password restricts/allows users from using the CA UFO auto access feature.
How to Set Up Advantage CA-UFO Security
To set up passwords for UFO ACB components, the CA UFO UFOASCTY utility is used. To set up passwords for UFO DD components, the UFODSCTY is used. Each ACB or DD can be assigned a display password and/or an alter password.
In this example, we are going to put a display password and alter password on the ACB called UFOEDIT. From a clear screen enter UFO ASCTY. The following screen will be displayed:
UFOASCTY REVIEW/UPDATE/SET ACB SECURITY CODES FUNCTION--> * DISPLAY DISPLAY ALTER ---------- SECURITY ---------- NAME PASSWORD PASSWORD HEX BIT UFODD 000000 00000000 00000000 00000000 UFOEDD 000000 00000000 00000000 00000000 UFOEDIT 000000 00000000 00000000 00000000 UFOKMENU 000000 00000000 00000000 00000000 UFOMAINT 000000 00000000 00000000 00000000 UFOMENU 000000 00000000 00000000 00000000 UFOMNTBM 000000 00000000 00000000 00000000 UFOMNTLD 000000 00000000 00000000 00000000 UFORUN 000000 00000000 00000000 00000000 UFOSTAGE 000000 00000000 00000000 00000000 UFOXDDS 000000 00000000 00000000 00000000
Once the UFOASCTY screen is displayed, move the cursor to the name of the component whose password you want to change. If the initial screen does not contain the component that you want to change, just overtype the first entry with the desired component name and hit enter. CA UFO will reposition the component name display alphabetically starting with your entry.
To set or change the password, type the display password in the DISPLAY PASSWORD column, and the alter password (if any) in the ALTER PASSWORD column to the right of the component name.
When you have finished making changes, perform an update by pressing <PF1> or by typing a U in the FUNCTION field, and pressing enter. Any number of passwords can be changed at one time.
UFOASCTY REVIEW/UPDATE/SET ACB SECURITY CODES FUNCTION--> * DISPLAY DISPLAY ALTER ---------- SECURITY ---------- NAME PASSWORD PASSWORD HEX BIT UFODD 000000 00000000 00000000 00000000 UFOEDD 000000 00000000 00000000 00000000 UFOEDIT PSWD1 PSWD2 000000 00000000 00000000 00000000 UFOKMENU 000000 00000000 00000000 00000000 UFOMAINT 000000 00000000 00000000 00000000 UFOMENU 000000 00000000 00000000 00000000 UFOMNTBM 000000 00000000 00000000 00000000 UFOMNTLD 000000 00000000 00000000 00000000 UFORUN 000000 00000000 00000000 00000000 UFOSTAGE 000000 00000000 00000000 00000000 UFOXDDS 000000 00000000 00000000 00000000
UFODSCTY execution and display is similar to UFOASCTY.
Disregard the SECURITY BIT columns that show in the UFOASTCY and UFODSCTY display. The security bits of UFOASCTY and UFODSCY are no longer available because CICS Transaction Server (CTS) has eliminated the SNT (Signon Table).
CA UFO security is activated via the UFO INIT table (macro UFMAINIT, load module/phase UFLAIN32) parameter SECURE=YES. You must assure that the UFO INIT table has been assembled and link edited with SECURE=YES to trigger the use of the component passwords. The UFOINTSE utility will display the SECURE=value. Below is the UFOINSTE display showing that security has been turned on:
UFOINTSE UFO/INIT MAINTENANCE UTILITY Function-> * -*- REVIEW/UPDATE SECURITY and ACCOUNTING PARAMETERS -*- CNTRLPW= System control password DICTPRC= Security procedure for DDS PROCPRC= Security procedure for PDS SECURE= Y CICS security support SECEXIT= * EXTERNAL SECURITY EXIT NAME SIGNON= 0 Signon level ACCEXIT= External accounting exit name
Note: The SECURE value can be changed and updated via UFO INTSE, but the updated setting is only temporary for the current CICS session.
How does Advantage CA-UFO Security Work?
Once the passwords have been set and SECURE=YES has been activated, the user will be required to enter the password when accessing the UFO component or when executing the CA UFO application. When executing the application from initial entry, the password must be entered as part of the initial entry command. For example, suppose the Advantage CA-UFO application called PROG1 had a display password of DPW1. The user would enter the following from a clear screen to execute the application:
UFO EXEC PROG1 DPW1
If CA UFO had detected a password mismatch then the initial UFO menu would be displayed along with the MS10 error message:
Welcome to the UFO application development system on 01/07/05 at 12:51:21.1 UUU UUU FFFFFFFFFFFFF OOOOOOOOOOOOO UUU UUU FFFFFFFFFFFFF OOOOOOOOOOOOO UUU UUU FFF OOO OOO UUU UUU FFFFFFF OOO OOO UUU UUU FFFFFFF OOO OOO UUU UUU FFF OOO OOO UUUUUUUUUUUUUU FFF OOOOOOOOOOOOO UUUUUUUUUUUUUU FFF OOOOOOOOOOOOO **** RELEASE 3.2.0 **** COPYRIGHT On-Line Software International, Inc. 1990, ALL RIGHTS RESERVED. _ 1. UFOD Development system menu 4. UFOSS Service system menu 2. UFOS Security system menu 5. UFOEI Executive inquiry menu 3. UFOP Page system menu Appl--> ________ Key--> ________________ Dpw--> Apw--> MS10 PROG1 is password protected against unauthorized access Command ==> ________ PF1=Help PF3=Exit PF12=Cancel
If the application had an alter password (Apw), then the user is required to enter both the display password (Dpw) and alter password (Apw). If the display password is correct but the alter password does not match, the application will still execute but the automatic access update/add function will not be available for use. Please keep in mind that alter passwords only affect the application automatic functions and not the programmed access.
If a password-protected application invokes additional ACBs or DDs under program access control (using the /NEWSCR keyword, for example), it is the application's responsibility to ensure that the additional ACBs and DDs either have no password at all, or have exactly the same password as the first ACB or DD.
If different sets of passwords are defined for the ACB and the DD, the ACB password must be used to execute the application.
Caution: If passwords are defined for the DD but not for the ACB, the application can be invoked through the ACB without supplying passwords.
Also, if you are going to utilize the UFO Security System, it is recommended that you protect the CA UFO Security System utilities themselves. They are:
- UFOS (the menu)
For more information about CA UFO security, refer to the publication CA UFO Customization and Operation Guide Sections 2 & 12.