E2024 PASSWORD IS REQUIRED in DMLO
search cancel

E2024 PASSWORD IS REQUIRED in DMLO

book

Article ID: 35380

calendar_today

Updated On:

Products

IDMS IDMS - Database

Issue/Introduction

In the DMLO Main Menu screen, after entering the USER ID and PASSWORD, message E2024 PASSWORD IS REQUIRED is returned. Which password is DMLO requesting; the one from IDMS Central Security or IDD?

Environment

Release: All supported releases.
Component: DMLO.

Resolution

Centralized IDMS security supersedes any validation by IDMS DMLO. That is, if access to a dictionary or database is prohibited by the central security facility, DMLO cannot be used to bypass or override that level of security. Thus the E2024 password check is for IDD DMLO security.

First, determine what DMLO Level security is on and then second, determine whether the user is allowed access to that dictionary.

Go into IDD in the dictionary that received the E2024 message and issue the following commands:

  • SIGNON DICTNAME dictionary-name
  • DISPLAY PROGRAM DBMSDMLO.
  • DISPLAY PROGRAM DBMSDMLO VER HIGHEST.

If using Level 2 security, the "highest" version displayed above would be DBMSDMLO version 2. 

DISPLAY PROGRAM DBMSDMLO VERSION IS 2.
PROGRAM DESCRIPTION is 'SR,SU,PR,PU,ER,EU'.

Also in IDD, display the user to see whether they have access to DMLO. If IDD SECURITY is ON in the dictionary, the user must be assigned IDD authority through the AUTHORITY clause of the USER statement. Use the command DIS OPTIONS FOR SESSION. or DIS OPTIONS FOR DICTIONARY. to verify whether SECURITY FOR IDD IS ON. (see USER (DDDL Compiler)). 

Example:

DISPLAY USER NAME IS ###### . 
*+ ADD 
*+ USER NAME IS ###### 
*+ DATE CREATED IS 06/04/09 
*+ PREPARED BY USERABC 
*+ FULL NAME IS 'user name' 
*+ USER DESCRIPTION IS 'SR,SU'.(change this to match what's in program DBMSDMLO)
*+ IDD SIGNON IS ALLOWED 
*+ SIGNON PROFILE IS PROFMOD VERSION IS 1 LANGUAGE IS DC 
*+ AUTHORITY FOR UPDATE IS ( 
*+ ALL ) 
*+ DEFAULT FOR PUBLIC ACCESS IS ALL 
*+ CULPRIT OVERRIDES ARE ALLOWED 
*+ OLQ QFILE IS ALLOWED
.

Also check the DMLO installation USDTPARM macro, and parameter number 20 USERID and see whether it states USER=INPUT or USERID=PROT. USERID=PROT prevents the USERID or PASSWORD from being changed in the DMLO Signon Screen. 

*--------------------------------------------------------------------* 
* (20) : ==> USERID CHG USERID ? (INPUT/PROT) * 
*-------------------------------------------------------------------------------------* 
* INDICATES WHETHER USERID FROM IDMS/DC SIGNON MAY BE * 
* BE CHANGED AT DMLO SESSION SIGNON. * 
* * 
* VALUES ARE : INPUT ==> USERID/PASSWORD MAY BE ENTERED * 
* ON THE DMLO SIGNON SCREEN * 
* PROT ==> USERID/PASSWORD PROTECTED * 
* ON THE DMLO SIGNON SCREEN * 
* * 
* PARAMETER IS OPTIONAL, DEFAULT VALUE INPUT * 
*--------------------------------------------------------------------* 

Additional Information

Install and Maintain z/OS

Using DML Online

IDMS DMLO Security

The three levels of security available to CA IDMS DMLO users are as follows:

  • Level 1 security indicates that a security check is not needed. Any user who signs on to IDMS DMLO and specifies a valid subschema for the requested dictionary is permitted to access the database. Level 1 is the default security level.
  • Level 2 security indicates that IDMS DMLO verifies that the user and password combination specified during IDMS DMLO sign-on exist in the requested dictionary. If they do, the user can access any valid subschema in that dictionary.
  • Level 3 security indicates that IDMS DMLO not only validates the user and password, but also verifies that the user has authorization to access the requested subschema. The user must be registered for access to the requested subschema in the requested dictionary. 

Use the following syntax to register for access to a given subschema:

(ADD/MOD) USER userid PASSWORD pswd
INCLUDE ACCESS TO SUBSCHEMA subname OF SCHEMA schname V vers-nbr.

For both Level 2 security and Level 3 security, special consideration is given to situations where the user ID used to sign on to the IDMS DMLO session is the same as the user ID used to sign on to the CA IDMS/DC system. In this case, the password is not checked even though the user must still be defined to the requested dictionary. Non-validation of the password conforms to the processing done by the dictionary task.

To implement security for IDMS DMLO, register program DBMSDMLO with a version number of 1, 2, or 3. The version number corresponds to the desired security level. Use the following syntax to add this program:

ADD PROGRAM NAME IS DBMSDMLO VERSION IS n.

Register DBMSDMLO in each dictionary for which security beyond the default is required.

How to implement DMLO security using program DBMSDMLO