Endevor SIGNIN action not checking SIGNOVR authority
search cancel

Endevor SIGNIN action not checking SIGNOVR authority

book

Article ID: 253840

calendar_today

Updated On:

Products

Endevor

Issue/Introduction

A user is allowed to perform the SIGNIN action to clear the signout indicator from an endevor element even though the user does not have 'signout override' authority as defined in Endevor external security.

An external security trace EN$TRESI shows that the user authority is checked for the SIGNIN action as expected but the subsequent security check for SIGNOVR documented in the description of the Endevor Name Equates Table is not performed.

Environment

Release : 18.1

Resolution

The check for signout override authority is performed only if BOTH the following conditions apply

  1. Sign-in/sign-out validation is active in the system definition by field 'activate option' in the sytem definition panel
  2. The element is already signed out to an user other than the one which is performing the signin

Otherwise the SIGNIN action is performed after just checking the userid for SIGNIN authority