Encrypted Environment variables

Posted: Mon Sep 26, 2005 1:29 am
by jetlim
I tried to use a user-defined environment variable (encrypted) in a job. Even though the environment variable is defined as an encrypted data type, the data type under the job parameter is always set to string and this is not updateable. I have set the value to $PROJDEF, yet the encrypted parameter value I have set in Administrator does not get passed down correctly to my job.

Any idea what is wrong? What other setting/steps are required to use an encrypted environment variable in job successfully?

Thanks,
Jet

Posted: Mon Sep 26, 2005 1:42 am
by rleishman
Jet,

Is it possible that you initially set it up as String and only later changed it to Encrypted?

If so, then you must delete the parameter from each job where it is used and add it back in again. When you add it back in it should have type Encrypted rather than String.

Overtype the default value with "$PROJDEF" (it will show up as *****, so it might be best to cut/paste it from another window), confirm with "$PROJDEF" and try again.

Posted: Mon Sep 26, 2005 2:25 am
by jetlim
My point here is the encrypted is set by people other than the DataStage administrator for security purposes. Having it set as string in Administrator will expose the confidential value to the DataStage administrator.

Is this a known bug in DataStage? Any workaround for this? Patches?

Posted: Mon Sep 26, 2005 3:10 am
by rleishman
Not to my knowledge. You have to get the DBA to come around to your desk and type the password into DS Administrator. Alternatively you could install the DS Administrator client on the DBA's PC. That is how we are doing it.

You could always go with OS level authentication...

Posted: Mon Sep 26, 2005 6:54 am
by chulett
What version of DataStage? I believe that you have to be up on at least 7.5 or perhaps even 7.5.1 for that to work correctly. :?

Posted: Mon Sep 26, 2005 4:36 pm
by rleishman
Ahhh. Victim of my own inexperience. I've never used pre-7.5.

Posted: Mon Sep 26, 2005 6:28 pm
by trokosz
Well setting encrypted in Administrator does do what it says....Yes the DS Admin sees but someone has to.....The way the $PROJDEF works in passing to a Job is via a Sequencer....

If you place $PROJDEF in the Job Properties of the Designer then it will fail....But then try running the Job from Director with the $PROJDEF in the Job and it runs fine....that's because the "run" is different from Designer to Director....this is a work-around...

The best practice for $PROJDEF is use in the Sequencer and then call the Job and the Job gets the variables defined in Administrator...and encrypted if desired...

Posted: Mon Sep 26, 2005 6:41 pm
by rleishman
For the uninitiated pre-7.5'ers out there:

This all works perfectly in 7.5 and 7.5.1a. You type in the Encrypted Environment Variable in Administrator and it appears as *******. Only the person who types it in need know what it is. The only risk of letting others into Administrator is that they will overtype it, but they cannot tell what it is.

When you create a job in Designer, you pull in the Encrypted Env Var and overtype it with $PROJDEF. When you import it, it appears as ******* (no probs), and when you overtype $PROJDEF, it's still ****** (a bit annoying that, but safe).

Whether you run from Designer or Director doesn't matter - both work.

If this is driving you nuts in a pre-7.5 world, get your boss liquored up and con him into letting you upgrade.

Posted: Mon Sep 26, 2005 7:15 pm
by vmcburney
Jet, try deleting the parameter from your job and adding it again. Maybe it was added when the project specific field was a string and it has since been changed to encrypted.

Also whenever I set an encrypted password field to $PROJDEF I type it out in notepad and paste it into the encrypted field entry text boxes. You wouldn't believe how many times I used to get it wrong when I tried typing it directly.

You can help update the FAQ on this subject:
http://wiki.ittoolbox.com/index.php/HOW ... _variables

Posted: Mon Sep 26, 2005 7:37 pm
by jetlim
I am using v7.1

I create a user-defined environment variable A (encrypted).
I create a job sequence, add in a parameter from environment variable A, and set the default value to $PROJDEF. This job sequence calls another job, Job1, with an encrypted job parameter B. The job sequence assigns its parameter A to Job1's parameter B.

I don't get the parameter value correctly as what was set in Administrator.

I have tried all workaround mentioned by you all but it doesn't work, sigh.

Anyone has any other idea? Maybe it is just a known bug?

Posted: Mon Sep 26, 2005 9:38 pm
by chulett
Vincent has posted in this thread information on getting them to work in 7.1. There's also something here where I posted a snippet from the 7.5.1 readme which talks about changes made to the functionality in the latest release. Hope that helps.

Posted: Mon Sep 26, 2005 10:05 pm
by rleishman
Jet,

Try this:

* Open Job JOB1
* Set the value of encrypted Env Var $Password (or whatever..) to $PROJDEF
* Save and compile JOB1
* Create Job Sequence JS1
* Do NOT include $Password in the parameter page for JS1.
* Drag JOB1 into JS1 as a Job Activity
* Open up the Job Activity JOB1, and set the encrypted parameter $Password to $PROJDEF. Alternatively, leave it blank so that it always uses the default.
* Save, compile, and run JS1.

I think the problem is that you are setting the encrypted password in the JOB1 Job Activity to the Job Sequence's copy of the password.

When you want an environment variable to be $PROJDEF, you don't need to pass it through the Job Sequence parameters, you can just import it straight into the jobs that need it.

Apologies in advance if any of this is non-7.1 compliant.

Posted: Thu Mar 09, 2006 9:29 pm
by myotoo
Jet,

This somehow relates to the routine that sets parameter values from the parameter file. The job with that routine encrypted a parameter value that is already encrypted (like double encryption), so the value can't get back when decrypted.

The problem is solved. If you want to know details, let me know.

Best Regards,

M

Posted: Fri Mar 10, 2006 6:30 am
by ray.wurlod
I understood that encrypted environment variable parameters weren't supported until version 7.5, yet jetlim is on 7.1.

Posted: Fri Mar 10, 2006 7:44 am
by chulett
I vaguely remember them (or some of them) not being 'fully' supported. Wasn't there something about it may work but if you changed the value of the parameter you needed to recompile the job? :?

In any case, my understanding is all goofiness of that ilk has been worked out in the 'latest' release.