Monitor Endevor data sets for inappropriate access.

Article ID: 10857

Products

Compliance Event Manager, Endevor, Endevor Natural Integration, Endevor - ECLIPSE Plugin, Endevor - Enterprise Workbench

Issue/Introduction

If the recommended security best practices are implemented, Endevor data sets are protected from inappropriate outside access.
Best practices include implementing the alternate ID and properly configuring a security software product so that no other IDs, except for a few trusted administrators, can access the data sets.

If the best practices are not implemented, then monitoring your data sets can add a layer of protection.

When the alternate user ID is implemented, updates to Endevor libraries are performed under the alternate user ID, not the user's own ID.

This protects Endevor libraries and prevents users from updating them outside of Endevor processing.

If Endevor libraries are not protected, or if authorized users or software other than the alternate user ID can update them, you might experience synchronization issues that cause inventory corruption.

Fixing such situations is also time consuming.

Security at all levels is mandatory to keep your inventory safe.

Environment

Release: All

Component: ENDEVOR, Compliance Event Manager

Resolution

The Endevor administrator can monitor Endevor data sets for inappropriate access using the PDS Monitor feature of the Change Monitor component in Compliance Event Manager (CEM). 

Updates to Endevor data sets can occur outside the control of Endevor in the following cases:

  • When the alternate ID is not enabled and thus does not force users to go through Endevor to access the data sets.
  • When a data set is not properly secured by a security software product (IBM RACF, Top Secret, or ACF2).
  • When a privileged access user performs a direct file update.
    Privileged access users are given update permission so that they can perform routine data set maintenance as necessary.
    Only a limited number of privileged access users should be granted the authority to update the data sets outside the scope of Endevor.

You can configure a PDS Monitor policy to monitor and record any modifications to Endevor data sets. In the policy, you can specify which data sets and user IDs to monitor.
You can also set alerts to notify administrators if such activity occurs. 

If inappropriate access occurs against an Endevor library, the PDS Monitor feature can send an automatic email in real time with details of who made the update, what was updated, and when.
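The decision such a monitoring policy makes can be sketched in Python. This is an added example, not Compliance Event Manager code or policy syntax: the event tuples, data set masks, user IDs, and the REVIEW/ALERT severities are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Every name below is constructed for illustration (assumption, not from CEM).
MONITORED_MASKS = ["NDVR.PROD.*", "NDVR.TEST.*"]  # shell-style globs, not CEM masks
ALTERNATE_ID = "NDVRALT"                          # hypothetical Endevor alternate ID
PRIVILEGED_IDS = {"ADMIN01", "ADMIN02"}           # hypothetical trusted administrators
WRITE_ACTIONS = {"ADD", "UPDATE", "DELETE", "RENAME"}

# Constructed sample events: (timestamp, user ID, action, data set, member)
SAMPLE_EVENTS = [
    ("2024-03-01T09:15:02", "NDVRALT", "UPDATE", "NDVR.PROD.SRCLIB", "PAYROLL1"),
    ("2024-03-01T10:02:47", "ADMIN01", "UPDATE", "NDVR.PROD.LOADLIB", "PAYROLL1"),
    ("2024-03-01T11:30:10", "DEVUSR7", "UPDATE", "NDVR.PROD.SRCLIB", "PAYROLL1"),
    ("2024-03-01T11:31:55", "DEVUSR7", "READ", "NDVR.PROD.SRCLIB", "PAYROLL1"),
    ("2024-03-01T12:00:00", "DEVUSR7", "UPDATE", "DEVUSR7.PRIVATE.SRC", "TEST1"),
    ("2024-03-01T13:44:21", "devusr9", "delete", "ndvr.test.srclib", "BILLING"),
]

def is_monitored(dsn):
    """True when the data set name matches one of the monitored masks."""
    return any(fnmatchcase(dsn, mask) for mask in MONITORED_MASKS)

def classify(event):
    """Return a finding (who, what, when) for a write made outside Endevor, else None."""
    when, user, action, dsn, member = event
    # Normalise case so mixed-case records cannot slip past the comparison.
    user, action, dsn = user.upper(), action.upper(), dsn.upper()
    if action not in WRITE_ACTIONS or not is_monitored(dsn):
        return None  # reads and unrelated data sets are out of scope
    if user == ALTERNATE_ID:
        return None  # update was performed under the alternate ID, i.e. through Endevor
    # Privileged maintenance is permitted but still recorded; anyone else is an alert.
    severity = "REVIEW" if user in PRIVILEGED_IDS else "ALERT"
    return {"severity": severity, "who": user,
            "what": f"{action} {dsn}({member})", "when": when}

def findings(events):
    """Classify every event and keep only the ones that need attention."""
    return [f for f in (classify(e) for e in events) if f is not None]

if __name__ == "__main__":
    for f in findings(SAMPLE_EVENTS):
        print(f"{f['severity']:6} {f['when']} {f['who']:8} {f['what']}")
```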

Look for the Compliance Event Manager component in the Endevor MVS download area.
To get your free license key for Compliance Event Manager, follow the instructions in the file called "PRODUCTKEY2020CEM.pdf", which is located in the Endevor SCM v19.0 Product Download.

Detailed instructions for Endevor customers on how to install, deploy, and configure Compliance Event Manager are available in our documentation: Monitor Data Sets

 

Additional Information

Please also check out our new video on how to configure Compliance Event Manager for use with Endevor: Define Policy to Monitor Endevor Managed Data Sets