Can ESI be used to secure at the Endevor Element Level
Article ID: 132064
Updated On:
Products
Endevor
Endevor Natural Integration
Endevor - ECLIPSE Plugin
Endevor - Enterprise Workbench
Issue/Introduction
There is a need to security Endevor down to the Element level. Can this be done if we use ESI?
Environment
Release:
Component: ENDBAS
Component: ENDBAS
Resolution
Yes you can secure Endevor down to the element level. Here is an example what the table would look like for Action_Initiation:
Option 1:
NAMEQU ACTION_INITIATION,
L1=('C1'),
L2=(ENVIRONMENT),
L3=(SYSTEM),
L4=(SUBSYSTEM),
L5=(ELEMENT),
L6=(MENUITEM),
L7=(MENUAUTH),
Option 2:
NAMEQU ACTION_INITIATION,
L1=('C1'),
L2=(ENVIRONMENT),
L3=(SYSTEM),
L4=(SUBSYSTEM),
L5=(MENUITEM),
L6=(MENUAUTH)
NAMEQU ACTION_INITIATION,
CLASS='DATASET',
L1=('C1'),
L2=(ELEMENT)
Here is a sample of the ESI Rule (Pseudo dataset) that gets passed to to your security package (RACF/TSS/ACF2)"
Trace for option1:
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1BM4210 XADDRUTN+002790
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+....5....+....6
Entity=C1.TEST.TV1P.A32E00.ELEMENT1.UPDATE.UPDATE <================ Pseudo dataset that gets passed for option1
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO SECURUTN+0017E2
Class=DATASET Log=NONE Func=SIGNOVR
Scale=0....+....1....+....2....+....3....+....4....+....5....+....6
Entity=C1.TEST.TV1P.A32E00.ELEMENT1.UPDATE.SIGNOVR <================= Pseudo dataset that gets passed for Option 1
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Trace for OPTION 2:
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1BM4210
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.TEST.TV1P.A32E00.UPDATE.UPDATE <===== Option2 pseudo dataset
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0005 Pass=0000 Auth=READ ACEE=00000000 C1BM4210
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ELEMENT1 <======= Option2 Pseudo Dataset
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO
Class=DATASET Log=NONE Func=SIGNOVR
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.TEST.TV1P.A32E00.UPDATE.SIGNOVR <======= Option2 Pseudo dataset
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0005 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO
Class=DATASET Log=NONE Func=SIGNOVR <====== Option2 Pseudo dataset
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ELEMENT1
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Option 1:
NAMEQU ACTION_INITIATION,
L1=('C1'),
L2=(ENVIRONMENT),
L3=(SYSTEM),
L4=(SUBSYSTEM),
L5=(ELEMENT),
L6=(MENUITEM),
L7=(MENUAUTH),
Option 2:
NAMEQU ACTION_INITIATION,
L1=('C1'),
L2=(ENVIRONMENT),
L3=(SYSTEM),
L4=(SUBSYSTEM),
L5=(MENUITEM),
L6=(MENUAUTH)
NAMEQU ACTION_INITIATION,
CLASS='DATASET',
L1=('C1'),
L2=(ELEMENT)
Here is a sample of the ESI Rule (Pseudo dataset) that gets passed to to your security package (RACF/TSS/ACF2)"
Trace for option1:
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1BM4210 XADDRUTN+002790
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+....5....+....6
Entity=C1.TEST.TV1P.A32E00.ELEMENT1.UPDATE.UPDATE <================ Pseudo dataset that gets passed for option1
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO SECURUTN+0017E2
Class=DATASET Log=NONE Func=SIGNOVR
Scale=0....+....1....+....2....+....3....+....4....+....5....+....6
Entity=C1.TEST.TV1P.A32E00.ELEMENT1.UPDATE.SIGNOVR <================= Pseudo dataset that gets passed for Option 1
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Trace for OPTION 2:
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1BM4210
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.TEST.TV1P.A32E00.UPDATE.UPDATE <===== Option2 pseudo dataset
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0005 Pass=0000 Auth=READ ACEE=00000000 C1BM4210
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ELEMENT1 <======= Option2 Pseudo Dataset
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO
Class=DATASET Log=NONE Func=SIGNOVR
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.TEST.TV1P.A32E00.UPDATE.SIGNOVR <======= Option2 Pseudo dataset
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0005 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO
Class=DATASET Log=NONE Func=SIGNOVR <====== Option2 Pseudo dataset
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ELEMENT1
User PILRO01 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Feedback
Yes
No
Powered by
