CA Endevor/DB Conceptual Overview › Supporting Functionality › Security Management

Security Management

CA Endevor/DB's security system controls access to data dictionary entities. It is designed to run either as a stand-alone system or in conjunction with existing security procedures.

The following capabilities are supplied with the CA Endevor/DB Security System:

• Signin/Signout – By automatically signing out an entity when it is first modified, this facility protects against concurrent updates to dictionary entities. Once signed out, an entity can only be modified by the user to whom it is signed out. To address those cases where teams of users must share entity access, CA Endevor/DB's Security System supports signout to a Change Control Identifier (CCID). When an entity is signed out to a CCID, any individual working under that CCID can update the entity. If desired, automatic signout can be applied to specific entity types. Explicit signout is also supported for situations that warrant "reserving" an entity prior to actual modification.
• Lock/Unlock – This facility disables the use of a userid, CCID or dictionary. Using this facility, it is possible to "freeze" access to a dictionary, "shut out" a user from dictionary access, and "turn off" the use of a particular CCID.
• Pre-Authorization – This capability is used to restrict certain users or groups of users from modifying particular entity occurrences and also to protect critical or sensitive entities from being modified by the general user population. Through pre-authorization, an installation can restrict the actions of selected individuals while allowing full or partial dictionary access to others. Certain individuals can also be allowed to override pre-authorization.
• Entity Type Restrictions – This security option restricts update activity against all entities of a particular type. Through this function, for example, a user may be barred from modifying database definitions, but be allowed to update processes, dialogs and maps. Entity type restrictions can be set at the data dictionary, user or CCID levels. Using this function, it is possible to set up dictionaries for predetermined development functions.
• Menu Tailoring – This facility authorizes privileged users to perform administrative CA Endevor/DB tasks. Since CA Endevor/DB's online screen design is menu-driven it is possible, through discrete function control, to define and display specific menu options as they apply to individual user authority levels.
• Security Classes – These categories are provided to permit security access and discrete function control by organizational function and/or business unit. Defined only once per unique set of permissions, security classes contain a profile of security rules and can be associated with any user or CCID.

The CA Endevor/DB Security System, in conjunction with the Dynamic Change Monitor, ensures that each entity update request is valid according to the security restrictions defined in the Change Control Database. If a request to update an entity violates established security rules, the Dynamic Change Monitor returns an error message to the user and prevents the request from passing to the data dictionary.