Endevor

  • 1.  C1UEXITS - USE_ALTID=+

    Posted Oct 11, 2017 10:28 AM

    I'm adding a new exit to one of our ENDEVOR instances so I went to define the program in C1UEXITS and found that someone had previously coded USE_ALTID=+

     

    I looked this statement up and I don't understand. Can someone explain the difference between + and Y?

     

    I originally thought all exits were under the ALTID or not (as defined in the EXITS table); the description doesn't seem to make any sense:

     

    • Y - Default. Indicates that CA Endevor® SCM switches to the alternate ID just before opening a data set. Then switches back to the user ID on completion of the open.

    To me this implies a write to a file would run under user ID control (as it's after the open).



  • 2.  Re: C1UEXITS - USE_ALTID=+
    Best Answer

    Broadcom Employee
    Posted Oct 11, 2017 11:54 AM

    Steve

     

    With USE_ALTID=Y, the exit runs under the "security context" of the user's ID, but the context is momentarily swapped to the alternate ID during OPEN operations. This is similar to the alternate ID support provided during Endevor native processing, but it affects all datasets opened by the exit (not only Endevor datasets).

     

    With USE_ALTID=+, the exit runs entirely under the security context of the alternate ID. This includes dataset OPENs as well as any other operation which would involve a RACF security check like, say, a program load (provided that RACF were set to protect programs).

     

    With USE_ALTID=N, the exit runs entirely (including dataset OPENs) under the security context of the user's ID, which is never swapped during the processing of the exit.

     

    In the above description, "security context" means a RACF ACEE (Accessor Control Execution Environment) control block anchored to the TCBSENV field (Security environment pointer) of the TCB (Task Control Block) under which the user exit is running.

     

    Hope this helps

    Eduard Penafiel

    CA-Endevor Support