ADSA application security not enforced

Document ID : KB000124038
Last Modified Date : 02/01/2019
Show Technical Document Details
Issue:
An ADSA application is using security classes attached to responses and resource type ACTI is secured in RHDCSRTT.
Despite this, users who have not been granted the approriate ACTIVITY are able to execute the response.
It appears that ACTI security is not being enforced.
Environment:
CA IDMS, all supported releases.
Cause:
This will happen if AGR-CURRENT-RESPONSE is assigned in the ADS code as opposed to being specified by the user selecting the response from an ADSA generated menu.
This is documented in the EXEC NEXT FUNCTION docops page.
Note the fifth bullet point after Usage : "If AGR-CURRENT-RESPONSE is modified by a process command, the runtime system does not perform security checking."
Resolution:
The solution to this unexpected behaviour is to enable optional bit 86 or 87 in RHDCOPTF.
Additional Information:
Implementing Application Security