Hello Felicity,
You can do this by adding a name equates for ACTION_INITIATION (Format 4) to define a new security profile format in
your BC1TNEQU table which includes the MENUITEM so you can check for it being TRANSFER.
You likely already have an ACTION_INITATION (Format 4) profile that is tested when you request any Endevor action.
If this profile does not already include MENUITEM then you can create another ACTION_INITIATION (Format 4) profile by including something like this in the BC1TNEQU table:
NAMEQU ACTION_INITIATION,
CLASS='£ENDEVOR',
WARN=NO, (DEFAULT)
LOG=NONE,
L1=('NDVR'),
L2=('ACTION'),
L3=(SYSTEM),
L4=(SUBSYSTEM),
L5=(MENUITEM)
Now when you do an Endevor action and include //EN£TRESI DD SYSOUT=* in the JCL to see the ESI trace you will see an extra format 4 check
ENCS101I Class=£ENDEVOR Log=NONE Func=TRANSFER
ENCS101I Scale=0....+....1....+....2....+....3....+....4
ENCS101I Entity=NDVR.ACTION.FINANCE.PAYROLL.TRANSFER
ENCS101I User FELICITY access is allowed from SAF
ENCS101I RACROUTE RC=0000 RACHECK RC=0000 Reason=0000
You also need to create the RACF profiles to allow or disallow the action taking into account FUNCEQU setting further up in the table that defines level of access require by the user to the profile being tested for the action.
So you would need security to set up RACF profiles/ACF2 rules with levels of access to groups of users who can and cannot do the TRANSFER
NDVR.ACTION.FINANCE.PAYROLL.TRANSFER (G)
NDVR.ACTION.FINANCE.PAYROLL.MOVE (G)
Original Message:
Sent: 8/12/2025 9:35:00 AM
From: Felicity Vaughan
Subject: TRANSFER ACTION
Does anyone know how to restrict the Transfer action using ESI? We ONLY want to restrict the transfer. We do not want ANY developers to have access to perform the Transfer action. Any thoughts would be greatly appreciated.
------------------------------
Felicity
------------------------------