In DMLO, am receiving E2024 PASSWORD IS REQUIRED. Which password is DMLO requesting?

book

Article ID: 35380

calendar_today

Updated On:

Products

CA IDMS CA IDMS - Database CA IDMS - ADS

Issue/Introduction

Question:

In the DMLO Main Menu screen, after entering my USER ID and PASSWORD, I received message E2024 PASSWORD IS REQUIRED. Which password is DMLO requesting; the one from IDMS Central Security or IDD?

 

Answer:

Centralized CA IDMS security facility supersedes any validation by CA IDMS DMLO. That is, if access to a dictionary or database is prohibited by the central security facility, you cannot use CA IDMS DMLO to bypass or override that level of security. Thus the E2024 password check is for IDD DMLO security.

First, determine what DMLO Level security is on and then second, determine whether the User is allowed access to that dictionary.

Go into IDD in the dictionary that received the E2024 message and issue the following commands: 
- SIGNON DICTNAME dictionary-name 
- DISPLAY PROGRAM DBMSDMLO. 
- DISPLAY PROGRAM DBMSDMLO VER HIGHEST. 

If you had Level 2 security it would be DBMSDMLO Version 2. 

DISPLAY PROGRAM DBMSDMLO VERSION IS 2.        

PROGRAM DESCRIPTION is 'SR,SU,PR,PU,ER,EU'.

Also in IDD, display the User to see whether they have access to DMLO.  If IDD SECURITY is ON in the dictionary, your User must be assigned IDD authority through the AUTHORITY clause of the USER statement. Use the command ‘DIS OPTIONS FOR SESSION.’ or ‘DIS OPTIONS FOR DICTIONARY’ to verify whether SECURITY FOR IDD IS ON. 
(see IDD Reference Guide, Chapter 5 Entity-Type Syntax, USER on page 389). 

Here's an example: 
DISPLAY USER NAME IS DAPABC . 
*+ ADD 
*+ USER NAME IS DAPABC 
*+ DATE CREATED IS 06/04/09 
*+ PREPARED BY USERABC 
*+ FULL NAME IS 'user name' 

*+USER DESCRIPTION IS 'SR,SU'.(change this to match what's in program DBMSDMLO)

*+ IDD SIGNON IS ALLOWED 
*+ SIGNON PROFILE IS PROFMOD VERSION IS 1 LANGUAGE IS DC 
*+ AUTHORITY FOR UPDATE IS ( 
*+ ALL ) 
*+ DEFAULT FOR PUBLIC ACCESS IS ALL 
*+ CULPRIT OVERRIDES ARE ALLOWED 
*+ OLQ QFILE IS ALLOWED

.

Also check the DMLO installation USDTPARM macro, and parameter number 20 USERID and see whether it states USER=INPUT or USERID=PROT. USERID=PROT prevents the USERID or PASSWORD from being changed in the DMLO Signon Screen. 

*--------------------------------------------------------------------* 
* (20) : ==> USERID CHG USERID ? (INPUT/PROT) * 
*-------------------------------------------------------------------------------------* 
* INDICATES WHETHER USERID FROM IDMS/DC SIGNON MAY BE * 
* BE CHANGED AT DMLO SESSION SIGNON. * 
* * 
* VALUES ARE : INPUT ==> USERID/PASSWORD MAY BE ENTERED * 
* ON THE DMLO SIGNON SCREEN * 
* PROT ==> USERID/PASSWORD PROTECTED * 
* ON THE DMLO SIGNON SCREEN * 
* * 
* PARAMETER IS OPTIONAL, DEFAULT VALUE INPUT * 
*--------------------------------------------------------------------* 

Additional Information:

CA IDMS Release 17.1 Installation and Maintenance Guide

Appendix G: CA IDMS DMLO Implementations

CA IDMS DMLO Security

The three levels of security available to CA IDMS DMLO users are as follows:

- Level 1 security indicates that a security check is not needed. Any user who signs on to CA IDMS DMLO and specifies a valid subschema for the requested dictionary is permitted to access the database. Level 1 is the default security level. 
- Level 2 security indicates that CA IDMS DMLO verifies that the user and password combination specified during CA IDMS DMLO sign-on exist in the requested dictionary. If they do, the user can access any valid subschema in that dictionary. 
- Level 3 security indicates that CA IDMS DMLO not only validates the user and password, but also verifies that the user has authorization to access the requested subschema. The user must be registered for access to the requested subschema in the requested dictionary. 

Use the following syntax to register for access to a given subschema:

(ADD/MOD) USER userid PASSWORD pswd

INCLUDE ACCESS TO SUBSCHEMA subname OF SCHEMA schname V vers-nbr.

For both Level 2 security and Level 3 security, special consideration is given to situations where the user ID used to sign on to the CA IDMS DMLO session is the same as the user ID used to sign on to the CA IDMS/DC system. In this case, the password is not checked even though the user must still be defined to the requested dictionary. Non-validation of the password conforms to the processing done by the dictionary task.

To implement security for CA IDMS DMLO, you must register program DBMSDMLO with a version number of 1, 2, or 3. The version number corresponds to the desired security level. Use the following syntax to add this program:

ADD PROGRAM NAME IS DBMSDMLO VERSION IS n.

You must register DBMSDMLO in each dictionary for which security beyond the default is required.


TEC486103 DMLO receiving 'E4502 Ready Usage-Mode Security Violation'. 
CA IDMS Release 18.5 IDD DDDL Reference Guide,

Chapter 3: DDDL Compiler Options, DISPLAY/PUNCH OPTIONS Statement

 

Chapter 5: Entity-Type Syntax, USER 

Environment

Release: IDADSO00100-18.5-ADS-for CA-IDMS
Component: