Protecting VSAM files with a password
Although the preferred security mechanism on a z/OS® system is RACF®, Enterprise COBOL also supports using explicit passwords on VSAM files to prevent unauthorized access and update.
About this task
To use explicit passwords, code the PASSWORD
clause
in the FILE-CONTROL
paragraph. Use this clause only
if the catalog entry for the files includes a read or an update password:
- If the catalog entry includes a read password, you cannot open
and access the file in a COBOL program unless you use the
PASSWORD
clause in theFILE-CONTROL
paragraph and describe it in theDATA DIVISION
. The data-name referred to must contain a valid password when the file is opened. - If the catalog entry includes an update password, you can open
and access it, but not update it, unless you code the
PASSWORD
clause in theFILE-CONTROL
paragraph and describe it in theDATA DIVISION
. - If the catalog entry includes both a read password and an update password, specify the update password to both read and update the file in your program.
If your program only retrieves records and does not update them, you need only the read password. If your program loads files or updates them, you need to specify the update password that was cataloged.
For indexed files, the PASSWORD
data
item for the RECORD KEY
must contain the valid password
before the file can be successfully opened.
If you password-protect a VSAM indexed
file, you must also password-protect each alternate index in order
to be fully password protected. Where you place the PASSWORD
clause
is important because each alternate index has its own password. The PASSWORD
clause
must directly follow the key clause to which it applies.