Release: ALL SUPPORTED RELEASES
Yes you can secure Endevor down to the element level. Here is an example what the table would look like for Action_Initiation:
Option 1:
NAMEQU ACTION_INITIATION,
L1=('C1'),
L2=(ENVIRONMENT),
L3=(SYSTEM),
L4=(SUBSYSTEM),
L5=(ELEMENT),
L6=(MENUITEM),
L7=(MENUAUTH),
Option 2:
NAMEQU ACTION_INITIATION,
L1=('C1'),
L2=(ENVIRONMENT),
L3=(SYSTEM),
L4=(SUBSYSTEM),
L5=(MENUITEM),
L6=(MENUAUTH)
NAMEQU ACTION_INITIATION,
CLASS='DATASET',
L1=('C1'),
L2=(ELEMENT)
Here is a sample of the ESI Rule (Pseudo dataset) that gets passed to to your security package (RACF/TSS/ACF2)"
Trace for option1:
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1BM4210 XADDRUTN+002790
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+....5....+....6
Entity=C1.ENV1.SYS1.SUB1.ELEMENT1.UPDATE.UPDATE <================ Pseudo dataset that gets passed for option1
User USERID1 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO SECURUTN+0017E2
Class=DATASET Log=NONE Func=SIGNOVR
Scale=0....+....1....+....2....+....3....+....4....+....5....+....6
Entity=C1.ENV1.SYS1.SUB1.ELEMENT1.UPDATE.SIGNOVR <================= Pseudo dataset that gets passed for Option 1
User USERID1 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Trace for OPTION 2:
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1BM4210
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ENV1.SYS1.SUB1.UPDATE.UPDATE <===== Option2 pseudo dataset
User USERID1 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0005 Pass=0000 Auth=READ ACEE=00000000 C1BM4210
Class=DATASET Log=NONE Func=UPDATE
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ELEMENT1 <======= Option2 Pseudo Dataset
User USERID1 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0004 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO
Class=DATASET Log=NONE Func=SIGNOVR
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ENV1.SYS1.SUB1.UPDATE.SIGNOVR <======= Option2 Pseudo dataset
User USERID1 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
Format=0005 Pass=0000 Auth=READ ACEE=00000000 C1GSSISO
Class=DATASET Log=NONE Func=SIGNOVR <====== Option2 Pseudo dataset
Scale=0....+....1....+....2....+....3....+....4....+...
Entity=C1.ELEMENT1
User USERID1 access is allowed from SAF in WARN mode
RACROUTE RC=0000 RACHECK RC=0000 Reason=0000