Functional Security

Functional security is implemented using the External Security Interface (ESI). ESI secures Endevor access and action functions through the IBM System Authorization Facility (SAF), using the site security package on your system. ESI lets you do the following tasks:
  • Extend your site security package to control and authorize access to components maintained by the product.
  • Secure user actions ranging from Environment access to specific action checks.
  • Customize ESI security through a table-driven architecture.
How ESI Security Works
ESI enforces functional security by constructing a pseudo data set name and authorization combination and querying your site security package for a ruling on whether the user can access the data set.
  1. Each security control point (Exit 01) invokes ESI processing. At each Exit 01, the Name Equates Table is invoked. The Name Equates Table maps entity names to pseudo data set names to determine whether a user can access an inventory, Environment, function, or action. These entities include actions, CCIDs, Elements, Environments, Stages, and System/Subsystem combinations. Each node in a data set name allows at most eight characters; therefore, values longer than eight characters are truncated to eight characters (for example, EMERGENC). ESI uses the Name Equates Table to construct the pseudo data set name and authorization.
  2. ESI queries your site security package for a ruling on whether the user is allowed to access the pseudo data set by executing the operating system RACROUTE macro. The RACROUTE macro provides an application with access to the System Authorization Facility (SAF), which in turn communicates with your site security package (ACF2, Top Secret, or RACF). SAF lets the product request authorization information for any site security package.
  3. SAF routes the RACROUTE request directly to the site security package.
  4. The security package interprets the request by looking up the request in the security database.
  5. SAF returns to ESI and the request either passes or fails.
  6. ESI returns to Exit 01 processing.
  7. The product Exit 01 processing runs other user exits.
  8. Exit 01 processing may return to the product.
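The eight-character truncation in step 1 means that two entity values sharing their first eight characters map to the same pseudo data set name and so fall under the same security rule. The following Python sketch is an added example, not product code: the `HLQ` high-level node, the node order, and the sample requests are assumptions made for illustration, and the real layout comes from your Name Equates Table.

```python
from collections import defaultdict

NODE_MAX = 8  # a data set name node holds at most eight characters

# Assumptions for illustration only: placeholder high-level node and node
# order. The real layout comes from your site's Name Equates Table.
HYPOTHETICAL_HLQ = "HLQ"
HYPOTHETICAL_NODES = ("environment", "system", "ccid", "action")


def node(value):
    """Uppercase one entity value and truncate it to a single node."""
    if not value:
        raise ValueError("an empty value cannot form a data set name node")
    return value.upper()[:NODE_MAX]


def pseudo_dsn(request):
    """Join the truncated entity values into one pseudo data set name."""
    nodes = [node(request[key]) for key in HYPOTHETICAL_NODES]
    return ".".join([HYPOTHETICAL_HLQ] + nodes)


def truncation_collisions(requests):
    """Return pseudo data set names shared by distinct untruncated requests."""
    groups = defaultdict(set)
    for request in requests:
        full = tuple(request[key].upper() for key in HYPOTHETICAL_NODES)
        groups[pseudo_dsn(request)].add(full)
    return {dsn: sorted(v) for dsn, v in groups.items() if len(v) > 1}


# Constructed sample requests, not taken from any real system.
SAMPLE_REQUESTS = [
    {"environment": "PROD", "system": "PAYROLL", "ccid": "EMERGENCY01", "action": "MOVE"},
    {"environment": "PROD", "system": "PAYROLL", "ccid": "EMERGENCY02", "action": "MOVE"},
    {"environment": "PROD", "system": "PAYROLL", "ccid": "FIX123", "action": "MOVE"},
]

if __name__ == "__main__":
    for dsn, members in truncation_collisions(SAMPLE_REQUESTS).items():
        print(dsn, "is shared by", len(members), "distinct requests:")
        for member in members:
            print("   ", ".".join(member))
```

Running a check like this over the values in use shows where a single security rule will cover more than one value, so naming conventions can keep distinguishing characters within the first eight.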
The following diagram shows how ESI interacts with site security packages:
[Figure: ESI - Site Security Packages]
When ESI is enabled, security rules must be defined to the site security package. In the previous diagram, Endevor uses IBM's System Authorization Facility (SAF) calls to query the installed security package.
Security Processing Model
The following figure shows how ESI works with a site security package such as ACF2, Top Secret, or RACF.
[Figure: Security processing model]
The following list describes the security processing model.
  1. Endevor calls Exit 01 processing.
  2. Exit 01 calls ESI, which constructs the data set name (DSN) and authorization level from the Name Equates Table.
  3. ESI issues a RACROUTE request with the DSN and authorization levels. RACROUTE requests are routed to the System Authorization Facility (SAF).
  4. SAF routes the RACROUTE request directly to the site security package.
  5. The security package interprets the request by looking up the request in the security database.
  6. SAF returns to ESI and the request either passes or fails.
  7. ESI returns to Exit 01 processing.
  8. The product Exit 01 processing runs other user exits.
  9. Exit 01 processing may return to the product.
User Exit Modules
You can define a user exit module at Exit 01 to do the following tasks:
  • Supplement the menu-building checks the system makes at each security control point.
  • Supplement the action-request authorization that occurs at each security control point.
Exit 01 can only further restrict security; it cannot override restrictions that are imposed by your site security package (ACF2, Top Secret, or RACF).