The security data used by the VSAM ESM Module is kept in a set of COBOL VSAM (.dat) files, referred to as the VSAM ESM file directory. These files can be created and updated using the mfsecconv utility, which can convert between data specified in a YAML file and the VSAM ESM file directory. YAML is a data serialization language typically used for configuration files which can be created and maintained using a text editor.
The COBOL VSAM files in the VSAM ESM file directory can also be edited using the Data File Editor. See Data File Editor for more information.
An example YAML file is provided with the product, es_default_security.yaml, which is located at %ProgramFiles(x86)%\Micro Focus\Enterprise Developer\etc (Windows) or $COBDIR/etc/vsam_esm (UNIX).
The YAML syntax used with mfsecconv is as follows:
Users: - User: UserId: "" #Attribute type: String AltId: "" #Attribute type: String AllowLogon: True #Attribute type: Boolean Description: "" #Attribute type: String CustomText: "" #Attribute type: String DefaultGroup: "" #Attribute type: String CreateToken: "" #Attribute type: String UseToken: "" #Attribute type: String LastLoginTime: "" #Attribute type: String, format ISO8601 ExpirationDate: "" #Attribute type: String, format ISO8601 LoginAttempts: 0 #Attribute type: Integer Audit: True #Attribute type: Boolean MTOs: Priority: 0 #Attribute type: Integer Timeout: 0 #Attribute type: Integer OperatorClass: 0 #Attribute type: Integer OperatorID: "" #Attribute type: String GroupPrefix: "" #Attribute type: String Password: - Verifier: "" #Attribute type: String in the format "<verifier type>:<verifier>" e.g. "literal:a_strong_password" - MustChange: True #Attribute type: Boolean - ExpirationDate: "" #Attribute type: String, format ISO8601 - History: # A sequence of Attribute type: String # conforming to the following format "<ISO8601 date/time>:<verifier type>:<verifier> e.g.:" - "20220811T164639Z:literal:an_old_password" UserGroups: - UserGroup: GroupId: "" #Attribute type: String Description: "" #Attribute type: String CustomText: "" #Attribute type: String Member: # A sequence of Attribute type: String, where each entity is a member of this user group - "SYSAD" #Meaning the SYSAD user is a member of this user group - "#DSAdmin Group" #The " group" suffix indicates "#DSAdmin" is a user group, whose members are also members of this group. Audit: True #Attribute type: Boolean ResourceClass: - ResourceClass: ResourceClassId: "" #Attribute type: String Description: "" #Attribute type: String CustomText: "" #Attribute type: String ResourceRules: - ResourceRule: RuleID : "" #Attribute type: String ResourceClassId: "" #Attribute type: String ACEs: #A sequence of Attribute type: String representing this rule's Access Control Entries # in the format: "<access type>:<actor>:<permission level>" e.g. - "allow:ALLUSER group:read" # the " group" suffix indicates ALLUSER is a group and allows all it's members to read. - "deny:SYSAD:execute" #Denies the user SYSAD from executing. - "deny:*:write" # denies all actors(both users and groups) from writing. Description: "" #Attribute type: String CustomText: "" #Attribute type: String Audit: True #Attribute type: Boolean
Use the mfsecconv command to import or export security data. See The mfsecconv Command for more information.