Endevor

  • 1.  Endevor Alt ID

    Posted May 24, 2018 09:54 AM

    Hello, I'm executing PGM=BPXBATCH in an Endevor processor and getting permission denied reading a z/OS Unix System Services file. The ID submitting the generate has read access outside of Endevor.  Does the Endevor alternate ID need read access?  Thanks, Phil



  • 2.  Re: Endevor Alt ID

    Posted May 24, 2018 10:42 AM

    Hi Phil,

     

    When we set it up we had to ensure that our Alt ID had an OMVS segment and any relevant USS permissions.

     

    Regards,

     

    Ed



  • 3.  Re: Endevor Alt ID

    Broadcom Employee
    Posted May 24, 2018 01:44 PM

    Phil:

     

    Z/OS UNIX has an obsession with file permissions. If you want to use the alternate ID for the USS filesystem, please enable the Optional Feature Table (ENCOPTBL) parameter ' ENHOPT ENABLE_ALTID_USS_SECURITY=(ON,55)'. The '55' means both the USS group and 'other' will have read and execute authority. You can set that level. If you want to use the Endevor alternate id to read the file, it will need to either be in the group with read, or 'other' allows read.

     

    regards,

    Craig



  • 4.  Re: Endevor Alt ID

    Broadcom Employee
    Posted May 24, 2018 04:00 PM

    In addition to the above.

    BPXBATCH is a little different then the other utilities when or if the ALTID is used.

     

    This section outlines the ALTID and USS files:

    Data Set Security - CA Endevor® SCM - 18.0 - CA Technologies Documentation 

     

    This is the chart that tells most of the story if ALTID is selected by default.

     

    BPXBATCH parameter_BPX_BATCH_SPAWN_BPX_SHAREASSecurity context
    SHANYANYAlternate ID
    PGMNOn/aAlternate ID
    PGMYESNOAlternate ID
    PGMYESYESUser ID

     

    Other factors can come into play if ALTID is used.  You can also over ride the ALTID settings above with the ALTID keyword.