Client trying to prevent access for a user to view job output in SDSF. Specific PREVENT rules limit access by UID however user can still view job output.
Release : 16.0
Component : CA ACF2 for z/OS
If a user has access to the resource class SDSF resource ISFOPER.DEST.JES2 along with access to resource class SDSF resources ISFAUTH.DEST.LOCAL.DATASET.******** SDSF will specify the RECVR parameter in the RACROUTE JESSPOOL call which will override JESSPOOL rules that would prevent access to JESSPOOL print jobs if the RECVR parameter matches the logonid accessing the JES2 datasets.
To address the issue insure that the logonid trying to access the JES2 output from SDSF does not have access to resource class SDSF resource ISFOPER.DEST.JES2. For example, to add a resource rule entry to an existing ISFOPER rule the following RECKEY command can be issued from TSO, ACF:
RECKEY ISFOPER ADD(DEST.JES2 UID(uid string for logonid ABC) PREVENT)
where 'uid string for logonid ABC' is the ACF2 UID string for the logonid accessing the JES2 output.
SDF is the TYPE code specified for Resource Class JESSPOOL(default is SAF see note 1)
NOTE 1: (Optional) Change the default SAF type code by inserting a new GSO CLASMAP record for the SDSF class and specify the desired three-character type code. Specify the following commands if you want the type code to be SDF before defining the rule or updating the INFODIR record: