How to enforce a different approver than the person who submits a change request

Document ID : KB000054946
Last Modified Date : 14/02/2018
Show Technical Document Details

CLIP 2 determines whether to allow a user to confer a level of approval on a Change Request. CLIP 2 can also notify appropriate people when a Change Request is awaiting their approval.
(CLIP = Customer Logic Integration Point)

  • CLIP2 LEVEL=1 EXIT 0 provides AUTH (authorization) approval.

  • CLIP2 LEVEL=2 EXIT 0 provides ACCP (acceptance) approval.

The two levels are independent and concurrent, rather than hierarchical. It is possible to register ACCP before AUTH. But request processing will not begin until both are registered.

You have a lot of flexibility with CLIP02. Here are some of the variables you can use:

PCLUSERID - person releasing the request or trying to approve
ASRRID.ADMID - the registered request Administrator
ASRRID.AUTNM and ASRRID.ACCNM are set to the values of the userids who successfully AUTH or ACCP the request. You can force these to be different.

For a complete list of the variables that are available, please refer to the Installation and Configuration Guide. The documentation for each CLIP in the Advanced Customization section includes the specific variables that are available to that CLIP.

If you have users with multiple userids, you can code CLIP02 to do the verification on the name returned from RACF rather than the userid. Your PCL could look something like this:

//         DISPLAY 'VERIFY SUBMITTER/APPROVER >>>>>'                          
//         SECURITY READUSER,USERID='&PCLUSERID'                              
//         IF &PCLLSTCC <> 0                                                  
//            EXIT 16                                                         
//         ELSE                                                               
//            SET PCLUSERNM = SECURITY_USER.NAME<<F,L>>                     
//            DISPLAY 'PCLUSERID: &PCLUSERID'                                 
//            DISPLAY 'PCLUSERID RACF NAME: &PCLUSERNM'                       
//         ENDIF                                                              
//*                                                                           
//         SET ADMID = ASRRID.ADMID<<F,L>>                               
//         SECURITY READUSER,USERID='&ADMID'                                  
//         IF &PCLLSTCC <> 0                                                  
//            EXIT 16                                                         
//         ELSE                                                               
//            SET ADMNAME = SECURITY_USER.NAME<<F,L>>
//            DISPLAY 'ADMID: &ADMID'                                         
//            DISPLAY 'ADMID RACF NAME: &ADMNAME'                             
//         ENDIF                                                              
//*                                                                           
// IF ZONE = 'PROD'                                                          
//    IF &LEVEL = 1                                                           
//       IF PCLUSERNM = ADMNAME                                               
//          DISPLAY '******************************************'              
//          DISPLAY 'REQUESTOR CANNOT AUTHORISE OWN CHANGE'                      
//          DISPLAY '******************************************'              
//          EXIT 8                                                            
//       ENDIF                                                              
//    ENDIF                                                                 
//    IF &LEVEL = 2                                                         
//       IF PCLUSERNM = ADMNAME                                             
//          DISPLAY '******************************************'            
//          DISPLAY 'REQUESTOR CANNOT ACCEPT OWN CHANGE'                 
//          DISPLAY '******************************************'            
//          EXIT 8                                                          
//       ENDIF                                                              
//    ENDIF                                                                 
// ENDIF                                                                    
// EXIT 0

PLEASE NOTE: The above example is intended as an example only and has not been certified for use by CA.