Endevor

  • 1.  Element Owner

    Posted Sep 13, 2019 03:11 PM
    Is there an option that keeps other users from editing elements they are not the owner of?  For example, I have an element under my ownership at our lowest entry stage.  I recently found that someone else was able to make changes and generate my element.  Now it appears to be owned by them.  It is also signed out to them.

    ------------------------------
    Parker B.
    Endevor Admin
    SS&C Inc
    KCMO
    ------------------------------


  • 2.  RE: Element Owner

    Posted Sep 13, 2019 03:59 PM

    Where else does the element exist?  Does that person have override signout ability?  Things you may want to check.

    Felicity Vaughan

     






  • 3.  RE: Element Owner

    Posted Sep 15, 2019 04:14 PM

    We have a similar situation.  When someone else generates an element, the signout transfers to the ID doing the generate.  I just found out about this issue recently and haven't opened a ticket.  But I wouldn't mind hearing of a solution.

    Randy Custard
    Performance and Capacity Planning
    Information Technology Division
    Comptroller of Public Accounts
    111 East 17th St.
    Austin TX  78774-0001
    (512) 463-8449
    randy.custard@cpa.texas.gov

     

     






  • 4.  RE: Element Owner

    Posted Oct 11, 2019 11:16 AM
    Hi Randy,

    You can have a look at this option in the ENCOPTBL

    GEN_INPLACE_DO_NOT_SET_SIGNOUT

    Regards,
    Jarus


  • 5.  RE: Element Owner

    Broadcom Employee
    Posted Sep 16, 2019 04:43 AM
    Hi,
     
    You can enable security (ESI) to prohibit the use of the override signout option.
     
    Regards,
    Ollivier

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-endevor-software-change-manager/18-0/securing/functional-security.html#toccontentbroadcomtechdocsusencamainframesoftwaredevopscaendevorsoftwarechangemanager180securingsetupesisecurityhtmlSetUpESISecurity


  • 6.  RE: Element Owner

    Posted Sep 17, 2019 10:00 AM
    Edited by Parker Blackburn Sep 17, 2019 11:28 AM
    ESI is enabled and according to our Top Secret rule no one should be able to override sign out except for our two Endevor Admins.  SOFETCH is also set to Yes.  When we turn on ESITRACE we don't see where the security rule is referenced.  Also, our before action user exit C1UEXT02 does not handle any signout processing.

    ------------------------------
    [Endevor Admin]
    [SS&C Inc]
    [MO]
    ------------------------------



  • 7.  RE: Element Owner

    Broadcom Employee
    Posted Sep 17, 2019 11:32 AM
    If a rule has been defined to prevent the override signout, the ESI trace should show that.
    At this point, I recommend that you open a ticket with Endevor support.


  • 8.  RE: Element Owner
    Best Answer

    Broadcom Employee
    Posted Sep 17, 2019 03:50 PM

    Hi @Parker Blackburn,

    There are a couple of quick things to check first.  

    1. Have a look at the SYSTEM definition and make sure that the "SIGN-IN/SIGN-OUT OPTIONS", "ACTIVATE OPTION" is set to "Y" at all Environments.
      If the Sign-in/out option is not active, there will never be the 'extra ESI' call to validate the option.
    2. Check your security table (or the ESITRACE header) and confirm that either:
      • You have a higher SAFAUTH value for the SIGNOVR action than the RETRIEVE/GENERATE actions, or...
      • You use MENUAUTH instead of, or in addition to, MENUITEM in the ACTION_INITIATION rule(s)
        If you only use MENUITEM, or the SAFAUTH is the same, you won't be able to differentiate between a regular GENERATE or RETRIEVE etc. and an action that does specify Signout override (although you will still see an extra entry in the trace with FUNC=SIGNOVR).
    3. Finally, check that the element is actually signed out to another user and that the UIDLOC (in C1DEFLTS) doesn't specify a range that happens to overlap for the two users in question (the C1DEFLTS value should probably be UIDLOC=(1,7), but UIDLOC=(1,8) would be even better if you use 8-character UserIDs).

    If none of these suggestions have triggered an "Ahhh! moment", please post a copy of the full ESI trace (or send it to me directly at Eoin.OCleirigh@Broadcom.com) and I'll have a look.

    Cheers,
    Eoin 





    ------------------------------
    Sr Principal Software Engineer
    ------------------------------
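
    The UIDLOC check from item 3 of the answer above can be run over a list of user IDs, shown here as an added example that is not part of the original post and is not Broadcom code. It assumes UIDLOC=(start,length) with a 1-based start position and user IDs of at most 8 characters; the function names and the sample IDs are constructed for illustration.

```python
from collections import defaultdict

MAX_UID_LEN = 8  # assumption: user IDs are at most 8 characters


def signout_key(user_id, uidloc):
    """Return the part of user_id that would be compared for signout ownership.

    uidloc is (start, length) with a 1-based start, as in UIDLOC=(1,7).
    Assumption: IDs are upper-cased and blank-padded to 8 before slicing.
    """
    start, length = uidloc
    if start < 1 or length < 1 or start - 1 + length > MAX_UID_LEN:
        raise ValueError(f"invalid UIDLOC {uidloc}")
    padded = user_id.strip().upper().ljust(MAX_UID_LEN)
    return padded[start - 1:start - 1 + length].rstrip()


def overlapping_users(user_ids, uidloc):
    """Group user IDs that collapse to the same compared value.

    Any group with more than one member is a set of users who would be
    treated as the same signout owner, so no signout override check
    would be needed for one of them to take over the other's element.
    """
    groups = defaultdict(set)
    for uid in user_ids:
        groups[signout_key(uid, uidloc)].add(uid.strip().upper())
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}


# Constructed sample IDs, not taken from any real site.
SAMPLE_USERS = ["DEVUSR01", "DEVUSR02", "TESTER1", "TESTER12", "ADMIN01"]

if __name__ == "__main__":
    for uidloc in [(1, 7), (1, 8)]:
        clashes = overlapping_users(SAMPLE_USERS, uidloc)
        print(f"UIDLOC={uidloc}: {clashes or 'no overlapping users'}")
```

    Feeding it the real list of user IDs exported from the security product shows whether the two users in question fall into the same group under the current UIDLOC value.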



  • 9.  RE: Element Owner

    Posted Sep 17, 2019 05:57 PM
    The SYSTEM definition was where the problem was.  Thank you!

    ------------------------------
    SS&C Inc (fka) DST Systems Inc.
    ------------------------------