Can ESI be used to secure at the Endevor Element Level
search cancel

Can ESI be used to secure at the Endevor Element Level

book

Article ID: 132064

calendar_today

Updated On:

Products

Endevor Endevor Natural Integration Endevor - ECLIPSE Plugin

Issue/Introduction



There is a need to security Endevor down to the Element level.  Can this be done if we use ESI? 

Environment

Release: ALL SUPPORTED RELEASES
 

Resolution

 Yes you can secure Endevor down to the element level.  Here is an example what the table would look like for Action_Initiation: 

Option 1:
NAMEQU ACTION_INITIATION, 
L1=('C1'), 
L2=(ENVIRONMENT), 
L3=(SYSTEM), 
L4=(SUBSYSTEM), 
L5=(ELEMENT), 
L6=(MENUITEM), 
L7=(MENUAUTH), 

Option 2: 
NAMEQU ACTION_INITIATION, 
L1=('C1'), 
L2=(ENVIRONMENT), 
L3=(SYSTEM), 
L4=(SUBSYSTEM), 
L5=(MENUITEM), 
L6=(MENUAUTH) 
NAMEQU ACTION_INITIATION, 
CLASS='DATASET', 
L1=('C1'), 
L2=(ELEMENT) 


Here is a sample of the ESI Rule (Pseudo dataset) that gets passed to to your security package (RACF/TSS/ACF2)"  

Trace for option1: 
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1BM4210 XADDRUTN+002790 
Class=DATASET Log=NONE Func=UPDATE 
Scale=0....+....1....+....2....+....3....+....4....+....5....+....6 
Entity=C1.ENV1.SYS1.SUB1.ELEMENT1.UPDATE.UPDATE     <================ Pseudo dataset that gets passed for option1 
User USERID1 access is allowed from SAF in WARN mode 
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000 
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO SECURUTN+0017E2 
Class=DATASET Log=NONE Func=SIGNOVR 
Scale=0....+....1....+....2....+....3....+....4....+....5....+....6 
Entity=C1.ENV1.SYS1.SUB1.ELEMENT1.UPDATE.SIGNOVR <================= Pseudo dataset that gets passed for Option 1 
User USERID1 access is allowed from SAF in WARN mode 
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000 

Trace for OPTION 2: 

Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1BM4210 
Class=DATASET  Log=NONE   Func=UPDATE                  
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ENV1.SYS1.SUB1.UPDATE.UPDATE      <===== Option2 pseudo dataset          
User USERID1  access is allowed  from SAF  in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000           
Format=0005 Pass=0000 Auth=READ ACEE=00000000 C1BM4210 
Class=DATASET  Log=NONE   Func=UPDATE                  
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ELEMENT1                  <======= Option2 Pseudo Dataset                    
User USERID1  access is allowed  from SAF  in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000           
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO 
Class=DATASET  Log=NONE   Func=SIGNOVR                 
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ENV1.SYS1.SUB1.UPDATE.SIGNOVR     <======= Option2 Pseudo dataset          
User USERID1  access is allowed  from SAF  in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000           
Format=0005 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO 
Class=DATASET  Log=NONE   Func=SIGNOVR         <====== Option2 Pseudo dataset 
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ELEMENT1                                     
User USERID1 access is allowed  from SAF  in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000           
 

Powered by Wolken Software