The security data used by the VSAM ESM Module is kept in a set of COBOL VSAM (.dat) files, referred to as the VSAM ESM file directory. These files can be created and updated using the mfsecconv utility, which can convert between data specified in a YAML file and the VSAM ESM file directory. YAML is a data serialization language typically used for configuration files which can be created and maintained using a text editor.
The COBOL VSAM files in the VSAM ESM file directory can also be edited using the Data File Editor. See Data File Editor for more information.
An example YAML file is provided with the product, es_default_security.yaml, which is located at $COBDIR/etc/vsam_esm. [12]
The YAML syntax used with mfsecconv is as follows:
You can run mfsecconv as an import or export function and with the flags described below.
mfsecconv import <source yaml file path> <destination vsam esm file directory> [--Flags]
mfsecconv export <source vsam directory> <output yaml directory> [--Flags]
Creates the ESM data if it does not exist; this will delete existing ESM data.
The following example adds only new security information specified in the YAML file to the specified VSAM ESM file directory. Existing information in the VSAM ESM file directory is not changed:
mfsecconv import c:\source.yaml c:\destination --append
The following example updates existing security information in the specified VSAM ESM file directory from the specified YAML file. New information in the YAML file is not added to the VSAM ESM file directory:
mfsecconv import c:\source.yaml c:\destination --update
mfsecconv import c:\source.yaml c:\destination -t
The following example exports the specified VSAM ESM file directory to the specified YAML file and sets the custom log level to 3:
mfsecconv export c:\vsam c:\desktop\output_vsam_esm.yaml --loglevel=3
The exported VSAM ESM file directory structure will be similar to the following:
X:/sample_esm_file_dir
|---Users.dat
|---PasswordHistories.dat
|---Groups.dat
|---Memberships.dat
|---Classes.dat
|---ACICSPCT # A resource class name
|---|---ACEs.dat
|---|---Rules.dat
|---CCICSCMD # Another resource class name
|---|---ACEs.dat
|---|---Rules.dat
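Because this directory holds user, password history and access control data, it is worth checking after an import that the layout is complete and that the files are not open to other users. The following POSIX shell check is an added example, not part of the product or its documentation; the function name check_esm_dir is hypothetical, and it assumes that every subdirectory is a resource class containing both ACEs.dat and Rules.dat, as in the structure above.

```shell
#!/bin/sh
# check_esm_dir DIR (hypothetical helper, not shipped with the product)
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
check_esm_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING directory $dir"
        return 1
    fi
    # Top-level files from the directory structure shown above.
    for f in Users.dat PasswordHistories.dat Groups.dat Memberships.dat Classes.dat; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f"
            findings=$((findings + 1))
        fi
    done
    # Assumption: every subdirectory is a resource class holding both files.
    for class in "$dir"/*/; do
        [ -d "$class" ] || continue
        name=$(basename "$class")
        for f in ACEs.dat Rules.dat; do
            if [ ! -f "$class$f" ]; then
                echo "MISSING $name/$f"
                findings=$((findings + 1))
            fi
        done
    done
    # Security data should not be readable, writable or executable by "other".
    loose=$(find "$dir" -type f -name '*.dat' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/WORLD-ACCESSIBLE /'
        findings=$((findings + $(printf '%s\n' "$loose" | wc -l)))
    fi
    [ "$findings" -eq 0 ]
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_esm_dir "$1"
fi
```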