Authorization for VMSCHED QUERY ( USER *
Article ID: 128957
Updated On:
Products
VM:Schedule
Issue/Introduction
What authorization do we need to give a user so they can issue VMSCHED QUERY ( USER *
Environment
Release:
Component: VMD
Component: VMD
Resolution
If you don't have the authorization to QUERY, VM:Schedule responds with:
vmsched query (user *
VMDQRY0207E Authorization is required to perform a QUERY on multiple userids.
Ready(00024);
The PRODUCT VMSECURE record factors into this as well.
As documented in VM:Secure's doc under Controlling VM:Schedule Commands:
Use the VM:Schedule interface to VM:Secure to control the CANCEL, QUERY, and SCHEDULE commands. When this interface is in place, VM:Schedule first determines whether the user has VM:Schedule NOPASS authorization. If not, the rules database is searched for an applicable rule.
To simplify and not have to define a VM:Secure Rule, give the user OPERATOR and NOPASS authorizations as shown here:
AUTHORIZ NOPASS newuser
AUTHORIZ OPERATOR newuser
which are AUTHORIZ records in the VMSCHED CONFIG file.
Also make sure you have a PRODUCT VMSECURE VMSECURE record in the VMSCHED CONFIG.
vmsched query (user *
VMDQRY0207E Authorization is required to perform a QUERY on multiple userids.
Ready(00024);
The PRODUCT VMSECURE record factors into this as well.
As documented in VM:Secure's doc under Controlling VM:Schedule Commands:
Use the VM:Schedule interface to VM:Secure to control the CANCEL, QUERY, and SCHEDULE commands. When this interface is in place, VM:Schedule first determines whether the user has VM:Schedule NOPASS authorization. If not, the rules database is searched for an applicable rule.
To simplify and not have to define a VM:Secure Rule, give the user OPERATOR and NOPASS authorizations as shown here:
AUTHORIZ NOPASS newuser
AUTHORIZ OPERATOR newuser
which are AUTHORIZ records in the VMSCHED CONFIG file.
Also make sure you have a PRODUCT VMSECURE VMSECURE record in the VMSCHED CONFIG.
Additional Information
If your preference however is to do this using VM:Secure Rules, review this section in the VM:Secure doc for additional information;
https://docops.ca.com/ca-vm-secure/3-1/en/rules-facility/security-with-the-rules-facility/controlling-ca-vm-schedule-commands
Use the VM:Schedule interface to VM:Secure to control the CANCEL, QUERY, and SCHEDULE commands. When this interface is in place, VM:Schedule first determines whether the user has VM:Schedule NOPASS authorization. If not, the rules database is searched for an applicable rule.
If a pertinent rule is not found, VM:Schedule prompts users for the logon password of the user ID that will own the job. If users are scheduling a job for their own user ID, they are prompted for their logon password (unless they have VM:Schedule SKIPPASS authorization).
* Note that VM:Schedule security is available if rules are not found. For that reason, you want to maintain your current VM:Schedule SKIPPASS and NOPASS authorizations.
https://docops.ca.com/ca-vm-secure/3-1/en/rules-facility/security-with-the-rules-facility/controlling-ca-vm-schedule-commands
Use the VM:Schedule interface to VM:Secure to control the CANCEL, QUERY, and SCHEDULE commands. When this interface is in place, VM:Schedule first determines whether the user has VM:Schedule NOPASS authorization. If not, the rules database is searched for an applicable rule.
If a pertinent rule is not found, VM:Schedule prompts users for the logon password of the user ID that will own the job. If users are scheduling a job for their own user ID, they are prompted for their logon password (unless they have VM:Schedule SKIPPASS authorization).
* Note that VM:Schedule security is available if rules are not found. For that reason, you want to maintain your current VM:Schedule SKIPPASS and NOPASS authorizations.
Feedback
Yes
No
Powered by
