How do we implement passwords in CA UFO?

Document ID:  TEC355819
Last Modified Date:  07/11/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA UFO

Releases

  • CA UFO:Release:3.2

Components

  • CA UFO:UFO
Introduction:

This article will discuss how to implement passwords on UFO components.

Question:

How do we implementing Passwords in CA UFO?

Answer:

Each UFO component may be assigned a display password (Dpw) and/or alter password (Apw). The display password restricts/allows users to modify or execute certain components while the alter password restricts/allows users from using the CA UFO auto access feature.

How to Set Up Advantage CA-UFO Security

To set up passwords for UFO ACB components, the CA UFO UFOASCTY utility is used. To set up passwords for UFO DD components, the UFODSCTY is used. Each ACB or DD can be assigned a display password and/or an alter password.

UFOASCTY

In this example, we are going to put a display password and alter password on the ACB called UFOEDIT. From a clear screen enter UFO ASCTY. The following screen will be displayed:

UFOASCTY        REVIEW/UPDATE/SET ACB SECURITY CODES            
FUNCTION--> *
DISPLAY  DISPLAY   ALTER     ---------- SECURITY ----------    
  NAME   PASSWORD PASSWORD  HEX             BIT                 
                                                               
UFODD                       000000 00000000 00000000 00000000  
UFOEDD                      000000 00000000 00000000 00000000   
UFOEDIT                     000000 00000000 00000000 00000000
UFOKMENU                    000000 00000000 00000000 00000000
UFOMAINT                    000000 00000000 00000000 00000000
UFOMENU                     000000 00000000 00000000 00000000
UFOMNTBM                    000000 00000000 00000000 00000000
UFOMNTLD                    000000 00000000 00000000 00000000
UFORUN                      000000 00000000 00000000 00000000
UFOSTAGE                    000000 00000000 00000000 00000000
UFOXDDS                     000000 00000000 00000000 00000000

Once the UFOASCTY screen is displayed, move the cursor to the name of the component whose password you want to change. If the initial screen does not contain the component that you want to change, just overtype the first entry with the desired component name and hit enter. CA UFO will reposition the component name display alphabetically starting with your entry.

To set or change the password, type the display password in the DISPLAY PASSWORD column, and the alter password (if any) in the ALTER PASSWORD column to the right of the component name.

When you have finished making changes, perform an update by pressing <PF1> or by typing a U in the FUNCTION field, and pressing enter. Any number of passwords can be changed at one time.

UFOASCTY        REVIEW/UPDATE/SET ACB SECURITY CODES         
FUNCTION--> *
                                                               
DISPLAY  DISPLAY   ALTER     ---------- SECURITY ----------    
  NAME   PASSWORD PASSWORD  HEX             BIT                 
                                                               
UFODD                       000000 00000000 00000000 00000000   
UFOEDD                      000000 00000000 00000000 00000000   
UFOEDIT  PSWD1    PSWD2     000000 00000000 00000000 00000000   
UFOKMENU                    000000 00000000 00000000 00000000   
UFOMAINT                    000000 00000000 00000000 00000000   
UFOMENU                     000000 00000000 00000000 00000000   
UFOMNTBM                    000000 00000000 00000000 00000000   
UFOMNTLD                    000000 00000000 00000000 00000000   
UFORUN                      000000 00000000 00000000 00000000   
UFOSTAGE                    000000 00000000 00000000 00000000   
UFOXDDS                     000000 00000000 00000000 00000000  

UFODSCTY

UFODSCTY execution and display is similar to UFOASCTY.

Note:

Disregard the SECURITY BIT columns that show in the UFOASTCY and UFODSCTY display. The security bits of UFOASCTY and UFODSCY are no longer available because CICS Transaction Server (CTS) has eliminated the SNT (Signon Table).

SECURE=YES

CA UFO security is activated via the UFO INIT table (macro UFMAINIT, load module/phase UFLAIN32) parameter SECURE=YES. You must assure that the UFO INIT table has been assembled and link edited with SECURE=YES to trigger the use of the component passwords. The UFOINTSE utility will display the SECURE=value. Below is the UFOINSTE display showing that security has been turned on:

UFOINTSE                UFO/INIT MAINTENANCE UTILITY        Function-> * 
                                                                          
                                                                          
          -*- REVIEW/UPDATE SECURITY and ACCOUNTING PARAMETERS -*-        
                                                                          
                                                                          
                                                                          
 CNTRLPW=                    System control password                      
 DICTPRC=                    Security procedure for DDS                   
 PROCPRC=                    Security procedure for PDS                   
 SECURE= Y                   CICS security support                        
 SECEXIT=                  * EXTERNAL SECURITY EXIT NAME                  
 SIGNON= 0                   Signon level                                 
 ACCEXIT=                    External accounting exit name  

Note: The SECURE value can be changed and updated via UFO INTSE, but the updated setting is only temporary for the current CICS session.

How does Advantage CA-UFO Security Work?

Once the passwords have been set and SECURE=YES has been activated, the user will be required to enter the password when accessing the UFO component or when executing the CA UFO application. When executing the application from initial entry, the password must be entered as part of the initial entry command. For example, suppose the Advantage CA-UFO application called PROG1 had a display password of DPW1. The user would enter the following from a clear screen to execute the application:

UFO EXEC PROG1 DPW1

If CA UFO had detected a password mismatch then the initial UFO menu would be displayed along with the MS10 error message:

Welcome to the UFO application development system on 01/07/05 at 12:51:21.1 
                                                                             
        UUU         UUU     FFFFFFFFFFFFF    OOOOOOOOOOOOO                   
         UUU         UUU     FFFFFFFFFFFFF    OOOOOOOOOOOOO                  
          UUU         UUU     FFF              OOO       OOO                 
           UUU         UUU     FFFFFFF          OOO       OOO                
            UUU         UUU     FFFFFFF          OOO       OOO               
             UUU         UUU     FFF              OOO       OOO              
              UUUUUUUUUUUUUU      FFF              OOOOOOOOOOOOO             
               UUUUUUUUUUUUUU      FFF              OOOOOOOOOOOOO            
                                                                             
                             **** RELEASE 3.2.0 ****                         
                                                                             
 COPYRIGHT On-Line Software International, Inc. 1990, ALL RIGHTS RESERVED.   
                                                                             
                                                                             
       _ 1. UFOD Development system menu   4. UFOSS Service system menu      
         2. UFOS Security system menu      5. UFOEI Executive inquiry menu   
         3. UFOP Page system menu                                            
                                                                             
 Appl--> ________   Key--> ________________   Dpw-->            Apw-->       
 MS10 PROG1 is password protected against unauthorized access                
 Command ==> ________                                                        
 PF1=Help  PF3=Exit  PF12=Cancel

If the application had an alter password (Apw), then the user is required to enter both the display password (Dpw) and alter password (Apw). If the display password is correct but the alter password does not match, the application will still execute but the automatic access update/add function will not be available for use. Please keep in mind that alter passwords only affect the application automatic functions and not the programmed access.

If a password-protected application invokes additional ACBs or DDs under program access control (using the /NEWSCR keyword, for example), it is the application's responsibility to ensure that the additional ACBs and DDs either have no password at all, or have exactly the same password as the first ACB or DD.

If different sets of passwords are defined for the ACB and the DD, the ACB password must be used to execute the application.

Caution: If passwords are defined for the DD but not for the ACB, the application can be invoked through the ACB without supplying passwords.

Also, if you are going to utilize the UFO Security System, it is recommended that you protect the CA UFO Security System utilities themselves. They are:
- UFOS (the menu)
- UFOASCTY
- UFODSCTY

Additional Information:

For more information about CA UFO security, refer to the publication CA UFO  Customization and Operation Guide Sections 2 & 12.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing