To support the alternate ID processing, Endevor creates ACEE blocks (Access Control Execution Environment) which are the representation of the security scope of the alternate ID for RACF. The block is created during Endevor initialization and deleted during Endevor termination.
These blocks are created via RACROUTE macro with REQUEST=VERIFY,ENVIR=CREATE which causes RACF to create the ACEE, and deleted via RACROUTE REQUEST=VERIFY,ENVIR=DELETE which causes RACF to delete the ACEE
RACF creates the ACEEs in storage subpool 255. Storage in this subpool is kept for the life of the initiator (that is, it is not automatically released at the end of each job). For this reason, if Endevor neglected to delete its ACEE's, the initiator would run out of storage over time as it processes Endevor jobs and would need to be recycled.
Would it be possible to check whether Endevor is freeing these ACEEs?
Endevor server trace produces many messages. Among them, there are a couple of messages that can be used to ascertain that Endevor deletes its ACEEs.
The server trace is enabled by the presence of ddname EN$TRSRV during Endevor initialization:
Most of the messages print to EN$TRSRV DD, except the termination messages that print to JESMSGLG. in batch or to the user screen In a TSO session. The TSO session needs to be running with TSO PROFILE MSGID WTPMSG to ensure that TSO displays the messages to the user.
The message of interest in EN$TRSRV DD is
02:53:44.04 BC1PSVCS/SVSRACF : SCRN ON TCB: 00770528 FLG7: 08 SCR TBL: 007BA000 SCRNACEE 0079AA00
This message may print quite a few times in the trace. The addresses in TCB and SCR TBL may vary but the address in SCRNACEE should be the same each time since the address is stored in a place which all Endevor programs in the job may access
During Endevor termination with EN$TRSRV active, the following messages print to JESMSGLG (or the TSO screen)
BC1PSVCS: Ending screen: SVCA2(00000000) FLGS7(00) TCB(007A70B0) SESS(00000000)
BC1PSVCS: Prior to deleteUSP
BC1PSVCS: ACEE delete, A(0079AA00), RC(00000000)
BC1PSVCS: Removed global $SCRNDS from ERSA
The 'ACEE delete' message with the address matching SCRNACEE above confirms that the ACEE used for this run has been deleted.