User is executing a REXX from the Endevor Panels and is allowed to update/edit a file.  If the same user executes the REXX from ISPF, they get a security violation and is not allowed. 

Why is Endevor allowing the user to do this? 

Endevor

All Support Releases

The Program Pathing rules that are in place are allowing the user(s) access to the Datasets from Endevor.  The user(s) currently have Update access to the program C1SM1000 which is allowing the Edit to the dataset under Endevor.  To resolve the problem only provide the Endevor ALTID with Update access. 

The recommended approach would be to remove Program pathing for Endevor and ONLY use the ALTID as the mechanism to access Endevor Datasets.