DB347012 using Web Services within a secured IDMS CV
search cancel

DB347012 using Web Services within a secured IDMS CV

book

Article ID: 38985

calendar_today

Updated On:

Products

IDMS

Issue/Introduction

Running the Web Services Employee Demonstration query using OCF as illustrated in the Web Services documentation. The query is

SELECT * FROM DEMOEMPL.IDMSCONP
 WHERE EMP_ID = '0472'
   AND IP_ADDRESS = ‘127.0.0.1
   AND CV_PORT = 3800
   AND DBNAME = 'SYSDICT'
   AND USER_ID_BIN = 'USERA' 
   AND PASSWORD_BIN = 'password’;

This query failed with error message

DB347012 V5994 T696 Security Violation: user=*UNKNOWN* subschema=EMPSS01 dbname=SYSDICT program=

The IDMS CV is secured: Signon, task and database security is active via internal security.

Environment

Release: All supported releases.
Component: IDMS Web Services.

Cause

This problem happens when the query is executed in a secured IDMS CV and IDMS Web Services has not been instructed to do a signon.

Resolution

  1. Make sure that the user USERA has all necessary authorities to access the involved database(s).

  2. Make sure that the LWEBSERV task is unsecured:
    a) by adding a TASK entry in your RHDCSRTT source to turn security off:

    #SECRTT TYPE=OCCUR,RESNAME='LWEBSERV',                        X
                           RESTYPE=TASK,SECBY=OFF

    b) or, by adding the LWEBSERV Task into a Resource Category which has EXECUTE authority being granted to PUBLIC.

    Additional note:
    The LWEBSERV task must be unsecured. If the task is secured (and even if the userid has the necessary authorities to execute the task), then the query will fail with this message:

    DC021102 V67 SECUIRITY VIOLATION BY USER ***. ACCESS TO RESOURCE LWEBSERV DENIED.

  3. Within a secured IDMS CV, Web Services must be instructed to issue a signon when executing these queries. This can be done by running the task WSQP with parameter “REQUIRE SIGNON=YES”, before executing the queries. The WSQP task stores the configuration settings in a queue record called IDMSWS-VER2. This task calls program RHDCWSQL to load the updated queue into storage ID WSV2. During startup, the WSQL task is started automatically to read the IDMSWS-VER2 queue and load it into a shared storage with ID WSV2. It writes the following message into the IDMS log:

    DC503300 V67 T25 RHDCWSQL *** IDMS WEB SERVICES STORAGE ALLOCATED.

  4. Make sure to include the userid AND password in the query, by means of the USER_ID_BIN and PASSWORD_BIN columns. See the SELECT statement shown above.

Additional Information