Creating and managing variables and passwords on the agents

Use the param command to define and manage user passwords and variables locally on the HCL Workload Automation for Z agents. The values are resolved at submission time on the agent where the job is submitted.

Authorization

To create, delete, or display variables or passwords, you must have Administrator or root user rights on the workstation that runs the agent or TWS_user rights on the agent.

Syntax

param -u | -V |
          {-c | -ec} [file.section.|file..|section.] variable [value] |
          [file.section.|file..|section.] variable |
          {-d | -fd} [file.section.|file..|section.] variable
                      

Arguments

-u
Displays command usage information and exits.
-V
Displays the command version and exits.
-c | -ec
Creates variable or password variable and defines its value value. The variable or password is placed in a namespace file that you can organize in one or more sections named section.

If you do not provide a file name file, the variable or password is placed in default file jm_variables in path agent_installation_path\TWA\TWS\ITA\cpa\config\jm_variables_files (/TWA/TWS/ITA/cpa/config/jm_variables_files) on the agent.

If you do not provide a section name section, the variable or password is placed in the main body of the file.
Important: If you are defining a password, you must specify a section named password for variable. This specifies that variable is a password.

If you are creating a variable, variable is the variable name and value is its value. If you are creating a password, variable is the user name and value is its password. If you do not enter value within the arguments, the command requests interactively to enter a value.

Argument -c creates the variable in clear form. Argument -ec creates the variable in encrypted form. Passwords are encrypted by default also if you use -c.

-d | -fd
Deletes (-d) or forces deletion (-fd) of a file, section, or variable (password). You can use the following wildcards:
*
Replaces one or more alphanumeric characters.
?
Replaces one alphanumeric character.

With -d the command asks for confirmation before deleting. With -fd it deletes without asking confirmation.

When you delete all the variables in a section, the section is removed from the file. When you delete all the sections and all the variables from a file, the file is removed.

file
The name of the file used as a namespace for variable. If you do not specify file, the command uses the default file jm_variables in path agent_installation_path\TWA\TWS\ITA\cpa\config\jm_variables_files (/TWA/TWS/ITA/cpa/config/jm_variables_files).

All the variable namespaces go in path agent_installation_path\TWA\TWS\ITA\cpa\config\jm_variables_files (/TWA/TWS/ITA/cpa/config/jm_variables_files).

section
The name of the section within file where variable is defined. When variable is used for a password, it must be placed in a section named password. No section name is required to store variables.
value
The value for variable.
variable
Can be a variable name or a user identification. If it is used for identification, it must be placed in a section named password within the namespace file.

Comments

To display a variable or password, a namespace file, or a section, use the command as follows:
param [file.section.|file..|section.] variable
where you can use the * and ? wildcards described for the deletion command.

The namespace files, including default jm_variables, have no extension.

Variable names are case sensitive.

On IBM i systems, if you use the QP2TERM and the QSH shells, passwords are made visible during the creation process with param and are displayed clearly in the shell logs. To guarantee the obfuscation of a password, you need to use the AIXTERM or XTERM shells.

Examples

The command:
param -c compassets.hardware.platform1 unix
defines variable platform1 with value unix in section hardware of the new or existing file named compassets. The value is not encrypted.
The command:
param -c compassets..platform1 unix
defines variable platform1 with value unix in the new or existing file named compassets. The value is not encrypted.
The command:
param -ec hardware.platform1 unix
defines variable platform1 with value unix in section hardware in the default file agent_installation_path\TWA\TWS\ITA\cpa\config\jm_variables_files\jm_variables. The value is encrypted.
The command:
param -c compassets.password.jladams san07rew
defines variable jladams with value san07rew in section password of the new or existing file named compassets. Since jladams is defined in section password, it is interpreted as a username. The value san07rew is encrypted by default since it is interpreted as a password.
The command:
param *.*.platform1 
lists variable platform1 in all its defined locations. That is:
..\TWA\TWS\ITA\cpa\config\jm_variables_files\compassets.hardware.platform1=unix
..\TWA\TWS\ITA\cpa\config\jm_variables_files\compassets..platform1=unix
..\TWA\TWS\ITA\cpa\config\jm_variables_files\jm_variables.hardware.platform1=**
The command:
param password.*adam*
lists all variables including the string adam contained in the password section of all files. In this case:
...\TWA\TWS\ITA\cpa\config\jm_variables_files\compassets.password.jladams=********
The command:
param -d compassets.password.jladams 
deletes variable jladams.
The command:
param -d compassets.password.* 
deletes all the variables found in section password and therefore removes this section from file compassets.
The command:
param -d compassets.*.* 
deletes all the contents (variables and sections containing variables) found in file compassets and therefore removes the file.