ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Endevor PKGSEC=ESI and approver groups

book

Article ID: 226555

calendar_today

Updated On:

Products

Endevor Software Change Manager (SCM)

Issue/Introduction

Having issues with a new userid added to an external security IBMGROUP.  Getting error is PKEX500E.  According to the package owner, the USERA can approve packages for the system, but USERB cannot and they are both in the approver group.   

Environment

Release : 18.0 18.1 

Component : CA Endevor Software Change Manager

Resolution

In this situation PKGSEC=ESI - This setting allows a site to control package actions with external security packages such as ACF2, Top Secret and RACF using the Endevor ESI Interface. 

If PKGSEC=ESI is set in the C1DEFLTS table, ALL PACKAGE ACTIONS, INCLUDING APPROVAL INVOKE ESI. 

To approve a package, the user must be a member of the approver group whether it is an internal or external group.  If you are a member of the approver group, an ESI call is first made to check to see if the USERID is authorized to perform the REVIEW action.  The action can only be performed if the USERID is authorized, otherwise the action (review/approval) will be denied.