A user is allowed to perform the SIGNIN action to clear the signout indicator from an endevor element even though the user does not have 'signout override' authority as defined in Endevor external security.
An external security trace EN$TRESI shows that the user authority is checked for the SIGNIN action as expected but the subsequent security check for SIGNOVR documented in the description of the Endevor Name Equates Table is not performed.
Release : 18.1
The check for signout override authority is performed only if BOTH the following conditions apply
Otherwise the SIGNIN action is performed after just checking the userid for SIGNIN authority