Endevor

 View Only

  • 1.  ESI

    Posted Oct 09, 2019 11:54 AM
    If you have this at the top of your BC1TNEQU table and nothing else, doesn't this give everyone READ to all of these actions?

             FUNCEQU SAFAUTH=READ,                                         +      

                   C1ACTNS=(ADD,ARCHIVE,DELETE,                           +      

                   DISPLAY,ENVRNMGR,GENERATE,MOVE,                         +        

                   PBACKOUT,PCAST,PCOMMIT,PCREATE,PDISPLAY,PDYNAMIC,       +      

                   PEXECUTE,PLIST,PMODIFY,PREVIEW,PSHIP,                   +      

                   PUTILITY,RETRIEVE,SIGNIN,SIGNOVR,UPDATE)                        


    Thanks.



    ------------------------------
    Felicity
    ------------------------------


  • 2.  RE: ESI
    Best Answer

    Broadcom Employee
    Posted Oct 10, 2019 03:14 AM

    Hi Felicity,

    The FUNCEQU macro is only used to set the required authority for the actions.  It will still depend on the actual NAMEEQ macro to determine what Pseudo dataset rule will be queried against the security system, So you still have to grant the users "READ" permission.  The exception to this is is you define a SAFAUTH of NONE, which skips the test entirely, effectively granting everybody access to that action.

    Note: if you omit one of the actions from ALL FUNCEUQ entries, it will default to NONE, or not controlled.



    ------------------------------
    Sr Principal Software Engineer
    ------------------------------

    Original Message


  • 3.  RE: ESI

    Posted Oct 10, 2019 09:22 AM

    Thanks very much Eoin.

     

     

    Felicity Vaughan 

     




    Original Message


  • 4.  RE: ESI

    Posted Oct 10, 2019 10:12 AM

    No, this only says what access is required to execute one of the actions.  The security rules will determine who has READ access to each of those functions.  You can create security rules at the function level or at a higher level. I've separated my security functions so that the functions for admins are at a higher level (UPDATE) to allow more generic security rules. The security guide walks you through setting up your rules, although I haven't looked at it for a few years.

     

    Sherri Banuelos

    Manager – CICS, Endevor and TAPS Support

    Global Infrastructure Services

    Experian IT Services

    Allen, Texas                        972-390-3170

                    Exp–branded-eSig

     

     




    Original Message


  • 5.  RE: ESI

    Posted Oct 10, 2019 10:17 AM

    Thanks Sherri.

     

    Felicity Vaughan 

     




    Original Message