Creating and managing variables and passwords on the agents
Use the param
command to define and manage
user passwords and variables locally on the HCL Workload Automation for Z agents.
The values are resolved at submission time on the agent where the
job is submitted.
Authorization
To create, delete, or display variables or passwords, you must have Administrator or root user rights on the workstation that runs the agent or TWS_user rights on the agent.
Syntax
param -u | -V |
{-c | -ec} [file.section.|file..|section.] variable [value] |
[file.section.|file..|section.] variable |
{-d | -fd} [file.section.|file..|section.] variable
Arguments
- -u
- Displays command usage information and exits.
- -V
- Displays the command version and exits.
- -c | -ec
- Creates variable or password variable and defines its value value.
The variable or password is placed in a namespace file that
you can organize in one or more sections named section.
If you do not provide a file name file, the variable or password is placed in default file jm_variables in path agent_installation_path\TWA\TWS\ITA\cpa\config\jm_variables_files (/TWA/TWS/ITA/cpa/config/jm_variables_files) on the agent.
If you do not provide a section name section, the variable or password is placed in the main body of the file.Important: If you are defining a password, you must specify a section namedpassword
for variable. This specifies that variable is a password.If you are creating a variable, variable is the variable name and value is its value. If you are creating a password, variable is the user name and value is its password. If you do not enter value within the arguments, the command requests interactively to enter a value.
Argument -c creates the variable in clear form. Argument -ec creates the variable in encrypted form. Passwords are encrypted by default also if you use -c.
- -d | -fd
- Deletes (-d) or forces deletion (-fd) of a file,
section, or variable (password). You can use the following wildcards:
- *
- Replaces one or more alphanumeric characters.
- ?
- Replaces one alphanumeric character.
With -d the command asks for confirmation before deleting. With -fd it deletes without asking confirmation.
When you delete all the variables in a section, the section is removed from the file. When you delete all the sections and all the variables from a file, the file is removed.
- file
- The name of the file used as a namespace for variable.
If you do not specify file, the command uses the default file jm_variables in
path agent_installation_path\TWA\TWS\ITA\cpa\config\jm_variables_files (/TWA/TWS/ITA/cpa/config/jm_variables_files).
All the variable namespaces go in path agent_installation_path\TWA\TWS\ITA\cpa\config\jm_variables_files (/TWA/TWS/ITA/cpa/config/jm_variables_files).
- section
- The name of the section within file where variable is
defined. When variable is used for a password, it must be placed
in a section named
password
. No section name is required to store variables. - value
- The value for variable.
- variable
- Can be a variable name or a user identification. If it is used
for identification, it must be placed in a section named
password
within the namespace file.
Comments
param [file.section.|file..|section.] variable
where
you can use the * and ? wildcards described for the deletion command.The namespace files, including default jm_variables, have no extension.
Variable names are case sensitive.
On
IBM i systems, if you use the QP2TERM and the QSH shells, passwords
are made visible during the creation process with param
and
are displayed clearly in the shell logs. To guarantee the obfuscation
of a password, you need to use the AIXTERM or XTERM shells.
Examples
param -c compassets.hardware.platform1 unix
defines
variable platform1
with value unix
in
section hardware
of the new or existing file named compassets
.
The value is not encrypted.param -c compassets..platform1 unix
defines
variable platform1
with value unix
in
the new or existing file named compassets
. The value
is not encrypted.param -ec hardware.platform1 unix
defines
variable platform1
with value unix
in
section hardware
in the default file agent_installation_path\TWA\TWS\ITA\cpa\config\jm_variables_files\jm_variables.
The value is encrypted.param -c compassets.password.jladams san07rew
defines
variable jladams
with value san07rew
in
section password
of the new or existing file named compassets
.
Since jladams
is defined in section password
,
it is interpreted as a username. The value san07rew
is
encrypted by default since it is interpreted as a password.param *.*.platform1
lists variable platform1
in
all its defined locations. That is:..\TWA\TWS\ITA\cpa\config\jm_variables_files\compassets.hardware.platform1=unix
..\TWA\TWS\ITA\cpa\config\jm_variables_files\compassets..platform1=unix
..\TWA\TWS\ITA\cpa\config\jm_variables_files\jm_variables.hardware.platform1=**
param password.*adam*
lists all variables
including the string adam
contained in the password
section
of all files. In this case:...\TWA\TWS\ITA\cpa\config\jm_variables_files\compassets.password.jladams=********
param -d compassets.password.jladams
deletes
variable jladams
.param -d compassets.password.*
deletes
all the variables found in section password
and therefore
removes this section from file compassets
.param -d compassets.*.*
deletes
all the contents (variables and sections containing variables) found
in file compassets
and therefore removes the file.