How to have a security call at the target location of all move actions

Document ID : KB000027208
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

There has been a change in the way ESI works for a Move action.

By default, an ACTION_INITIATION call is no longer made at the target location for any MOVE action. To activate this option one has to enable the SEC_MOVE_TARGET=0N option in the optional features table (ENCOPTBL) located in the iprfx.iqual.CSIQSRC library.

This change applies to ALL Move actions, whether you are moving from stage 1 to stage 2 in the same environment or from Stage 2 in one environment to Stage 1 or Stage 2 in the next environment.

If SEC_MOVE_TARGET=ON is enabled, you will need to code security rules for the target location of all moves.

Below you will find 3 different Endevor MAPROUTES. This documents where the security call is made and what action is checked when the move is performed in batch processing, package processing and foreground without the SEC_MOVE_TARGET=OFF option enabled and also with the SEC_MOVE_TARGET=ON enabled in the ENCOPTBL.

Solution:

TEST MAPROUTE 1

MAPROUTE 1 -> 2 -> 3 -> 4

  ENV1           ENV2
ST1  ST2       ST3  ST4

OPTION ENHOPT SEC_MOVE_TARGET=OFF (DEFAULT) MOVE IN BATCH

1 - 2  CHECKS SOURCE  ACTION:  MOVE     
2 - 3  CHECKS SOURCE  ACTION:  MOVE
3 - 4  CHECKS SOURCE  ACTION:  MOVE

MOVE IN PACKAGE

1 - 2  CHECKS SOURCE  ACTION:   MOVE
2 - 3  CHECKS SOURCE  ACTION:   MOVE 
3 - 4  CHECKS SOURCE  ACTION:   MOVE

MOVE IN FOREGROUND

1 - 2  CHECKS SOURCE  ACTION:   MOVE
2 - 3  CHECKS SOURCE  ACTION:   MOVE
3 - 4  CHECKS SOURCE  ACTION:   MOVE

MOVE IN BATCH W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET ACTIONS:  MOVE/MOVE
2 - 3  CHECKS SOURCE & TARGET ACTIONS:  MOVE/ADD
3 - 4  CHECKS SOURCE & TARGET ACTIONS:  MOVE/MOVE

MOVE IN PACKAGE W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET ACTIONS:  MOVE / MOVE 
2 - 3  CHECKS SOURCE & TARGET ACTIONS:  MOVE/ADD
3 - 4  CHECKS SOURCE & TARGET ACTIONS:  MOVE/MOVE

MOVE IN FOREGROUND W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET ACTIONS:  MOVE/MOVE
2 - 3  CHECKS SOURCE & TARGET ACTIONS:  MOVE/ADD
3 - 4  CHECKS SOURCE & TARGET ACTIONS:  MOVE/MOVE

TEST MAPROUTE 2

MAPROUTE 1 -> 2 -> 4

  ENV1           ENV2
ST1  ST2       ST3  ST4

OPTION ENHOPT SEC_MOVE_TARGET=OFF (DEFAULT) MOVE IN BATCH

1 - 2  CHECKS SOURCE  ACTION:   MOVE
2 - 4  CHECKS SOURCE  ACTION:   MOVE

MOVE IN PACKAGE

1 - 2  CHECKS SOURCE  ACTION:   MOVE 
2 - 4  CHECKS SOURCE  ACTION:   MOVE

MOVE IN FOREGROUND

1 - 2  CHECKS SOURCE  ACTION:   MOVE
2 - 4  CHECKS SOURCE  ACTION:   MOVE

MOVE IN BATCH W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET ACTIONS:  MOVE/MOVE
2 - 4  CHECKS SOURCE & TARGET ACTIONS:  MOVE/ADD

MOVE IN PACKAGE W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET ACTIONS:  MOVE/MOVE 
2 - 4  CHECKS SOURCE & TARGET ACTIONS:  MOVE/ADD

MOVE IN FOREGROUND W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET ACTIONS:  MOVE/MOVE
2 - 4  CHECKS SOURCE & TARGET ACTIONS:  MOVE/ADD

TEST MAPROUTE 3

MAPROUTE 1 -> 2 -> 4 -> 5 OR 6

  ENV1         ENV2      ENV3
ST1  ST2     ST3  ST4      ST5  ST6

ENV1 - ENTRY STAGE1
ENV2 - ENTRY STAGE2
ENV3 - ENTRY STAGE1

OPTION ENHOPT SEC_MOVE_TARGET=OFF (DEFAULT) MOVE IN BATCH

1 - 2  CHECKS SOURCE  ACTION:   MOVE
2 - 4  CHECKS SOURCE  ACTION:   MOVE
4 - 5  CHECKS SOURCE  ACTION:   MOVE
4 - 6  CHECKS SOURCE  ACTION:   MOVE

MOVE IN PACKAGE

1 - 2  CHECKS SOURCE  ACTION:   MOVE
2 - 4  CHECKS SOURCE  ACTION:   MOVE
4 - 5  CHECKS SOURCE  ACTION:   MOVE
4 - 6  CHECKS SOURCE  ACTION:   MOVE

MOVE IN FOREGROUND

1 - 2  CHECKS SOURCE  ACTION:   MOVE
2 - 4  CHECKS SOURCE  ACTION:   MOVE
4 - 5  CHECKS SOURCE  ACTION:   MOVE
4 - 6  CHECKS SOURCE  ACTION:   MOVE

MOVE IN BATCH W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET  ACTION:   MOVE/MOVE
2 - 4  CHECKS SOURCE & TARGET  ACTION:   MOVE/ADD
4 - 5  CHECKS SOURCE & TARGET  ACTION:   MOVE/ADD
4 - 6  CHECKS SOURCE & TARGET  ACTION:   MOVE/MOVE

MOVE IN PACKAGE W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET  ACTION:   MOVE/MOVE
2 - 4  CHECKS SOURCE & TARGET  ACTION:   MOVE/ADD
4 - 5  CHECKS SOURCE & TARGET  ACTION:   MOVE/ADD
4 - 6  CHECKS SOURCE & TARGET  ACTION:   MOVE/MOVE

MOVE IN FOREGROUND W/OPTION ENHOPT SEC_MOVE_TARGET=ON

1 - 2  CHECKS SOURCE & TARGET  ACTION:   MOVE/MOVE
2 - 4  CHECKS SOURCE & TARGET  ACTION:   MOVE/ADD
4 - 5  CHECKS SOURCE & TARGET  ACTION:   MOVE/ADD
4 - 6  CHECKS SOURCE & TARGET  ACTION:   MOVE/MOVE

To check what security calls are being made you can turn on the esi trace. To do this in batch, add the dd statement //en$tresi dd sysout=*, to turn the trace on in foreground: ALLOC DD (EN$TRESI) DA(*) SHR

For more information on how to activate and read the ESI Trace, please refer to the Endevor Security Guide - Section 4.7 - The Endevor ESI Trace Facility.

File Attachments:
TEC433012.zip