Package Ship action is denied via ESI and the package is still getting Shipped
search cancel

Package Ship action is denied via ESI and the package is still getting Shipped

book

Article ID: 262445

calendar_today

Updated On:

Products

Endevor

Issue/Introduction

The BC1TNEQU is coded as follows and PKGSEC=ESI is set in the C1DEFLTS table 

NAMEQU PACKAGE_ACTIONS,
      L1=('C1'),
      L2=('PACKAGE'),
      L3=(MENUITEM),
      L4=(PKGDEST),
      L5=(PKGSUBFC),
      L6=(PKGID),
      CLASS='ÅENDEVOR'

However when USERID1 ships a package the ESI trace shows that the action is denied but the ship is still taking place - why is this happening? 

Environment

Release : 19.0

Resolution

After reviewing the Endevor Options trace it was determine that the Package Superuser Option was enabled and USERID1 was coded as a SUPERUSER.
*********************************************************************** 
* SUPER USER TABLE                                                    * 
* ENDEVOR WILL LET USERIDS DEFINED AS "SUPERUSER" PERFORM ALL ACTIONS   
* AGAINST A PACKAGE EVEN IF THE PACKAGE IS NOT SHARABLE AND IF THAT     
* PACKAGE DOES NOT BELONG TO THE SUPERUSER. THE ONLY EXCEPTION TO       
* THIS IS THAT THE SUPERUSER CANNOT REVIEW (APPROVE/DENY) A PACKAGE     
* IF THEY ARE NOT AN APPROVER FOR THE PACKAGE.                          
*                                                                       
* IF NO SUPER-USERS HAVE BEEN CODED, THIS OPTION WILL NOT BE ACTIVATED. 
* THE USER-IDS MUST BE SPECIFIC, WILDCARDS ARE NOT ALLOWED.             
*---------------------------------------------------------------------*                                           
         ENHOPTSU (USERID1,USERID7)                                         
 
A Package "Superuser" can perform any package action against a package whether it is SHAREABLE, NON-SHAREABLE, or if the user is an approver. The only exception is the REVIEW (approval) action.
To be able to review (approve/deny) a package, a Superuser must be an  approver of that package. 
 
If PKGSEC=ESI or PKGSEC=MIGRATE and a user is denied to perform the action against the Package and if the user is a SUPERUSER, then the Package action will be allowed. 
                                   
Package Superusers are optional and can be defined in the Optional Feature table, ENCOPTBL.