Approver groups can be defined externally or internally to Endevor.

When the number of users that belong to an Endevor internal approver group grows over 16, or if you want to manage the group membership with your external security product, you will need to convert the group to an external approver group.

Release: All Supported Releases
Component: Endevor

Background:  

The External Security Interface must be already implemented in order to be able to make the change.
C1DEFLTS parameters: PKGSEC = ESI and APRVFLG=Y

Instructions: 

To convert an internal approver group into an external approver group you will have to :

1. Go to the Update Approver Group definition panel from the Endevor main panel:

    4(Environment) -> 9(APPROVER GROUP); Fill the approver group name and environment and use the option U.

2. Delete all APPROVER IDs from the definition and make sure the quorum size is at least 1; when Endevor finds an approver group with no approvers inside, it will query the external security product (RACF/Top Secret/ACF2) for the definition. The name of the approver group in Endevor and the RACF group should be the same.

If the name of your internal approver group has no RACF match, you will have to define a new empty approver group with the corresponding environment relation, because the name of an approver group cannot be updated.

Additional Information:

Approver Groups

• Any package that was cast while the group was internal will still have to be reviewed by approvers that were in the internal group at cast time.
• With external approver groups, ‘required’ approvers cannot be defined;
• Adding a user through the Endevor panel for an external approver group will make the group internal again.