How to implement IDMS DMLO security using program DBMSDMLO.
Release: All supported releases.
Component: DMLO.
DMLO security is implemented through program DBMSDMLO, version 1, 2, or 3. However, the centralized IDMS security facility supersedes any validation by IDMS DMLO: if access to a dictionary or database is prohibited by the central security facility, IDMS DMLO cannot be used to bypass or override that level of security.
Program DBMSDMLO version 1 is the default security level (Level 1) and means that there is no security check for DMLO users.
Program DBMSDMLO version 2 is Level 2 DMLO security. At this level, access to DMLO is restricted to a valid IDD user and password for that dictionary.
Program DBMSDMLO version 3 (Level 3) validates the DMLO user and password and also verifies that the user is authorized to access the requested subschema in the specified dictionary.
For each of the three DMLO security levels, do the following to verify IDD access:
First, issue a DCUF to that dictionary.
Then, in IDD, issue a DIS OPTIONS FOR DICTIONARY and check the security settings:
INDIVIDUAL PASSWORD SECURITY OVERRIDE IS OFF
USER SIGNON OVERRIDE IS NOT ALLOWED
SECURITY FOR IDD IS ON
SECURITY FOR IDD SIGNON IS ON.
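The check above can be scripted when the DIS OPTIONS FOR DICTIONARY listing is saved to a text file. The following is an added example, not part of the original article or of IDMS. It assumes that the four values shown above are the required baseline and that display lines may carry a "*+" prefix and a trailing period; the function names and the sample listing are constructed for illustration.

```python
import re

# Baseline: the four values shown in the article's DIS OPTIONS FOR DICTIONARY
# listing. Treating them as required values is an assumption of this example.
BASELINE = {
    "INDIVIDUAL PASSWORD SECURITY OVERRIDE": "OFF",
    "USER SIGNON OVERRIDE": "NOT ALLOWED",
    "SECURITY FOR IDD": "ON",
    "SECURITY FOR IDD SIGNON": "ON",
}

# "<option> IS <value>", tolerating an optional "*+" display prefix and a
# trailing period (both are assumptions about how the listing was captured).
LINE_RE = re.compile(
    r"^\s*(?:\*\+\s*)?(?P<name>.+?)\s+IS\s+(?P<value>[A-Z ]+?)\s*\.?\s*$"
)

def parse_options(listing):
    """Return {option name: value} for the baseline options found in listing."""
    found = {}
    for line in listing.upper().splitlines():
        m = LINE_RE.match(line)
        if m and m.group("name") in BASELINE:
            found[m.group("name")] = m.group("value")
    return found

def audit(listing):
    """Return sorted findings; an empty list means the listing matches."""
    found = parse_options(listing)
    findings = []
    for name, want in BASELINE.items():
        got = found.get(name)
        if got is None:
            findings.append(f"{name}: not present in listing")
        elif got != want:
            findings.append(f"{name}: is {got}, expected {want}")
    return sorted(findings)

# Constructed sample: one option weakened, one option missing from the capture.
SAMPLE_WEAK = """\
*+ INDIVIDUAL PASSWORD SECURITY OVERRIDE IS OFF
*+ USER SIGNON OVERRIDE IS ALLOWED
*+ SECURITY FOR IDD IS ON
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_WEAK) or ["listing matches baseline"]:
        print(finding)
```

A missing option is reported separately from a mismatched one, so a truncated capture is not mistaken for a compliant dictionary.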
Example of DMLO Level 1 security minimum requirements
In IDD, add a program DBMSDMLO and user with retrieval access:
ADD PROGRAM NAME IS DBMSDMLO VERSION IS 1
PROGRAM DESCRIPTION IS 'SR,PR,ER'.
ADD/MOD USER userid PASSWORD pswd USER DESCRIPTION IS 'SR,SU' .
DMLO Level 2 security requirements
In IDD, add a program DBMSDMLO and user with update and retrieval access:
ADD PROGRAM NAME IS DBMSDMLO VERSION IS 2
PROGRAM DESCRIPTION IS 'SU,PU,EU,SR,PR,ER'.
ADD/MOD USER userid PASSWORD pswd USER DESCRIPTION IS 'SU,PU,EU,SR,PR,ER'
INCLUDE AUTHORITY FOR UPDATE IS IDD.
DMLO Level 3 security requirements
In IDD, add a program DBMSDMLO and user with update, retrieval and subschema access:
ADD PROGRAM NAME IS DBMSDMLO VERSION IS 3
PROGRAM DESCRIPTION IS 'SU,PU,EU,SR,PR,ER'.
ADD/MOD USER userid PASSWORD pswd USER DESCRIPTION IS 'SU,PU,EU,SR,PR,ER'
INCLUDE AUTHORITY FOR UPDATE IS IDD
INCLUDE ACCESS TO SUBSCHEMA subname OF SCHEMA schname V vers-nbr.
A user without the appropriate level of subschema access receives error E2031 NOT AUTHORIZED FOR SUBSCHEMA ACCESS.