API Endevor EXTRACT security issue with IBM Application discovery
Article ID: 111051
Updated On:
Products
Endevor
Endevor Natural Integration
Endevor - ECLIPSE Plugin
Endevor - Enterprise Workbench
Issue/Introduction
IBM "Application discovery" is performing API EXTRACT action from Endevor inventory, the C1ACTNS performed is RETRIEVE while it should be DISPLAY.
I have given access SAFAUTH=READ to IBM "Application discovery" and ESI is rejecting the action since RETRIEVE is performed.
What's security level access is really required ?
The BC1TNEQU is defined as follows (Sample):
FUNCEQU SAFAUTH=READ, C1ACTNS=(DISPLAY)
FUNCEQU SAFAUTH=UPDATE, C1ACTNS=(ADD,UPDATE,GENERATE,SIGNOVR,MOVE, RETRIEVE,SIGNIN)
FUNCEQU SAFAUTH=CONTROL, C1ACTNS=(ARCHIVE,DELETE)
FUNCEQU SAFAUTH=ALTER, C1ACTNS=(ENVRNMGR)
I have given access SAFAUTH=READ to IBM "Application discovery" and ESI is rejecting the action since RETRIEVE is performed.
What's security level access is really required ?
The BC1TNEQU is defined as follows (Sample):
FUNCEQU SAFAUTH=READ, C1ACTNS=(DISPLAY)
FUNCEQU SAFAUTH=UPDATE, C1ACTNS=(ADD,UPDATE,GENERATE,SIGNOVR,MOVE, RETRIEVE,SIGNIN)
FUNCEQU SAFAUTH=CONTROL, C1ACTNS=(ARCHIVE,DELETE)
FUNCEQU SAFAUTH=ALTER, C1ACTNS=(ENVRNMGR)
Environment
Release: ENDAE.00200-18.0-Endevor-Software Change Manager
Component:
Component:
Resolution
IBM "Application discovery" needs C1ACTNS=DISPLAY to run Endevor API EXTRACT.
This is a bug in IBM "AD Connector" and corrective PTF UI57078 needs to be applied in order to have IBM "Application discovery" running with Endevor SAFAUTH=READ.
This is a bug in IBM "AD Connector" and corrective PTF UI57078 needs to be applied in order to have IBM "Application discovery" running with Endevor SAFAUTH=READ.
Additional Information
PH00125: NEW -> https://www-01.ibm.com/support/docview.wss?uid=swg1PH00125
Note: This PTF will introduce some planned updates to the IBM AD Connector for mainframe product. It is part of IBM AD release 5.0.5.1.
Note: This PTF will introduce some planned updates to the IBM AD Connector for mainframe product. It is part of IBM AD release 5.0.5.1.
Feedback
Yes
No
Powered by
