
Parameter Sets - Password Maintenance by Support Staff

Posted: Tue Mar 15, 2011 10:01 am
by AGStafford
Has anyone come up with a good method of having support staff be able to maintain passwords in Parameter Sets?

Our DBAs are required to enter the production passwords for our databases; however, these folk have no DataStage training. They will need to enter the appropriate encrypted passwords into 10-15 parameter set value sets every 60 days.

Does anyone know of a way they could enter the passwords that minimizes their effort and knowledge of DataStage?
Is there a way to generate the encrypted password found in Parameter set Value files without going into DataStage?

Oh, and could this be done in a way that meets reasonable auditing standards for password safeguarding?

Re: Parameter Sets - Password Maintenance by Support Staff

Posted: Tue Mar 15, 2011 4:30 pm
by LS
Hi AGStafford.

I can remember several ways to do it nicely.

One way is to make a dummy job that accepts that password. Ask the DBAs to run that job (they will input the password). Build a script that can be called by this dummy job in the "after section" that reads the log. In the log you will find the encrypted password in the parameters area. Use the export utility on the server (istools) to export all objects that need the new password. Do a find and replace using something like awk to change the old passwords. Import everything again (istools). Compile objects as needed. Have a tea or coffee and relax. There are better things in life to think about.

Have fun,
me.

[snip]

Posted: Tue Mar 15, 2011 4:58 pm
by ray.wurlod
I am not aware of any method for updating the encrypted password values in Values Files of Parameter Sets without using DataStage. At least not legally.

You could have passwords stored en clair but in Values Files with 700 permissions and only the owner permitted to update them. I have seen this approach implemented at a couple of sites. But it also means that only that user can run jobs.
But the really secure sites require the use of DataStage and document the process for support staff to follow.
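
The owner-only layout described in the post above can be checked mechanically before each password rotation. The script below is an added example, not part of the thread or of DataStage: the directory argument and function names are assumptions, and it goes slightly beyond the post by also flagging group- or world-writable directories, since write access to a directory allows a values file inside it to be replaced.

```shell
#!/bin/sh
# Added example: audit Parameter Set values files for the owner-only scheme.
# Assumption: the values files are ordinary files somewhere under the
# directory given as $1; the real location is site-specific.

# Print every path under $1 that breaks the scheme:
#   - a regular file with any group or other permission bit set
#   - a directory that group or other may write to
#   - anything not owned by $2 (user name or numeric uid)
# Prints nothing when the tree is compliant.
audit_values_files() {
    dir=$1
    owner=$2
    find "$dir" \( \
        \( -type f \( -perm -040 -o -perm -020 -o -perm -010 -o \
                      -perm -004 -o -perm -002 -o -perm -001 \) \) -o \
        \( -type d \( -perm -020 -o -perm -002 \) \) -o \
        ! -user "$owner" \
    \) -print
}

# Return 0 when compliant; otherwise list offenders on stderr and return 1,
# so the check can gate a rotation procedure or run from cron.
check_values_files() {
    offenders=$(audit_values_files "$1" "$2")
    if [ -n "$offenders" ]; then
        printf 'non-compliant values files:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}
```
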

Posted: Wed Mar 16, 2011 2:00 pm
by AGStafford
Based upon my research you have told me what I expected. :( Basically there is no way to automate for ease of use the updating of the passwords.

If the password was the same, I could copy the new password encrypted text string from one ParameterSet ValueSet to another at the Unix level. However that still means the support staff has to update at least 1 ParameterSet ValueSet.