Although the preferred security mechanism on a z/OS system is RACF®, Enterprise COBOL also supports using explicit passwords on VSAM files to prevent unauthorized access and update.
To use explicit passwords, code the PASSWORD clause in the FILE-CONTROL paragraph. Use this clause only if the catalog entry for the files includes a read or an update password:
If your program only retrieves records and does not update them, you need only the read password. If your program loads files or updates them, you need to specify the update password that was cataloged.
For indexed files, the PASSWORD data item for the RECORD KEY must contain the valid password before the file can be successfully opened.
If you password-protect a VSAM indexed file, you must also password-protect each alternate index in order to be fully password protected. Where you place the PASSWORD clause is important because each alternate index has its own password. The PASSWORD clause must directly follow the key clause to which it applies.