Using Web Services within a secured IDMS Central Version

Document ID : KB000038985
Last Modified Date : 14/02/2018
Show Technical Document Details

 

Issue: 

Customer wants to run the Web Services Employee Demonstration query using OCF as illustrated in the Web Services for CA IDMS User Guide, release 19.0.0.2. The query is

SELECT * FROM DEMOEMPL.IDMSCONP
             WHERE  EMP_ID = '0472' AND
                            IP_ADDRESS = ‘127.0.0.1
                 AND   CV_PORT = 3800
                 AND   DBNAME = 'SYSDICT'
                 AND   USER_ID_BIN = 'USERA' 
                 AND   PASSWORD_BIN = 'password’;

 

This query failed with error message

DB347012 V5994 T696 Security Violation: user=*UNKNOWN* subschema=EMPSS01 dbname=SYSDICT program=

The IDMS Central Version is secured : Signon, TASK and Database security is active via Internal Security.

 

Environment:  

19.0, Incremental Release 2 (INC02/IR2)

 

Cause: 

This problem happens when the query is executed in a secured CA IDMS Central Version and CA IDMS Web Services has not been informed to do a signon.

 

Resolution:

1.    Make sure that the user ‘USERA’ has all necessary authorities to access the involved database(s).

2.    Make sure that the LWEBSERV task is unsecured :

     a) by adding a TASK entry in your RHDCSRTT source to turn security off :

           #SECRTT TYPE=OCCUR,RESNAME='LWEBSERV',                        X

                               RESTYPE=TASK,SECBY=OFF

     b) or, by adding the LWEBSERV Task into a Resource Category which has EXECUTE authority being granted to PUBLIC.

     Additional note :

       The LWEBSERV task must be unsecured. If the task is secured (and even if your userid has the necessary

       authorities to execute the task), then the query will fail with this message :

                        DC021102 V67 SECUIRITY VIOLATION BY USER ***. ACCESS TO RESOURCE LWEBSERV DENIED.

3.    Within a secured CA IDMS Central Version, you need to inform CA IDMS Web Services to issue a signon when executing

     these queries.

     This can be done by running the task WSQP with parameter “REQUIRE SIGNON=YES”, before executing the queries.

     The WSQP task stores the configuration settings in a queue record called IDMSWS-VER2. This task calls program

     RHDCWSQL to load the updated queue into storage ID WSV2.

     During startup, the WSQL task is started automatically, to read the  IDMSWS-VER2 queue and load it into a shared

     storage with ID WSV2. It writes the following message into the IDMS  log :

              DC503300 V67 T25 RHDCWSQL *** IDMS WEB SERVICES STORAGE ALLOCATED.

4.    Make sure to include the userid AND password in the query, by means of the USER_ID_BIN and PASSWORD_BIN columns.

     Example : See the Select statement shown above.

 

Additional Information:

More information about CA IDMS Web Services can be found in the Web Services for CA IDMS User Guide, release 19.0.0.2.

Details about the WSQP task are described in Chapter 2: Installation, Configuration, and Usage Considerations, section Product Configuration.