Is there a way to prevent job purge access while allowing job cancel access in SDSF for some users that have operator command and JES2.CANCEL.- access as shown below?
NP JOBNAME JobID Owner Prty Queue C Pos SAff ASys Status
C stcname STC06075 stc 1 PRINT 48 -> Should have access to Cancel the job
p stcname STC06099 stc 1 PRINT 51 -> Should not have access to Purge the job
Release : 16.0
Component : ACF2 for z/OS
From an ACF2 standpoint, both the CANCEL and PURGE commands drive the resource call with the same resource name, as shown below:
Purge command:
ROPR-JES2.CANCEL.STC LOG ROPR-JES2
ABC DEFGFHR SDSF SYSX ACF9CAUT RULE - DIRECTRY UPDT
22.221 08/09 07.38 JES2 ABC XYZ 0 0 4 0 4
SAF RESOURCE CLASS OPERCMDS
RESOURCE NAME: JES2.CANCEL.STC
LOG STRING: $CS(6099),P
Cancel command:
ROPR-JES2.CANCEL.STC LOG ROPR-JES2
ABC DEFGFHR SDSF SYSX ACF9CAUT RULE - DIRECTRY UPDT
22.221 08/09 08.13 JES2 ABC XYZ 0 0 4 0 4
SAF RESOURCE CLASS OPERCMDS
RESOURCE NAME: JES2.CANCEL.STC
LOG STRING: $CS(6075)
Hence, there is no resource rule or validation that can be changed in ACF2.
The recommendation is to check with IBM to see if there is an SDSF configuration option that would cause unique resource validations for CANCEL and PURGE.
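Since the resource name is identical in both records, the only field that separates a purge from a cancel is the LOG STRING, so a purge can be identified after the fact when reviewing the logging records. The Python sketch below is an added example, not Broadcom or IBM code. It assumes the record layout shown above and assumes, from the two samples on this page, that the `P` operand on the `$C` command marks a purge; the function names are hypothetical.

```python
import re

# The two ACF2 logging records shown on this page, embedded verbatim.
SAMPLE = """\
ROPR-JES2.CANCEL.STC LOG ROPR-JES2
ABC DEFGFHR SDSF SYSX ACF9CAUT RULE - DIRECTRY UPDT
22.221 08/09 07.38 JES2 ABC XYZ 0 0 4 0 4
SAF RESOURCE CLASS OPERCMDS
RESOURCE NAME: JES2.CANCEL.STC
LOG STRING: $CS(6099),P
ROPR-JES2.CANCEL.STC LOG ROPR-JES2
ABC DEFGFHR SDSF SYSX ACF9CAUT RULE - DIRECTRY UPDT
22.221 08/09 08.13 JES2 ABC XYZ 0 0 4 0 4
SAF RESOURCE CLASS OPERCMDS
RESOURCE NAME: JES2.CANCEL.STC
LOG STRING: $CS(6075)
"""

# Assumed command shape, inferred from the two samples: $C<type>(<number>)[,operand...]
CMD = re.compile(r"^\$C\s*([A-Z])\s*\(?(\d+)\)?((?:\s*,\s*\w+)*)\s*$")

def parse_records(text):
    """Pair each RESOURCE NAME line with the LOG STRING line that follows it."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().upper()
        if sep and key == "RESOURCE NAME":
            current = {"resource": value.strip()}
        elif sep and key == "LOG STRING" and current is not None:
            current["command"] = value.strip()
            records.append(current)
            current = None
    return records

def classify(command):
    """Return 'purge' if the cancel command carries the P operand, else 'cancel'."""
    m = CMD.match(command.strip().upper())
    if not m:
        return "unknown"  # not a $C command in the assumed shape; review by hand
    operands = [o.strip() for o in m.group(3).split(",") if o.strip()]
    return "purge" if "P" in operands else "cancel"

def review(text):
    """Annotate every record with the action derived from its LOG STRING."""
    return [dict(r, action=classify(r["command"])) for r in parse_records(text)]

if __name__ == "__main__":
    for rec in review(SAMPLE):
        print(f'{rec["resource"]:<18} {rec["action"]:<7} {rec["command"]}')
```

Run against the two records from this page, it reports one purge and one cancel under the single resource name JES2.CANCEL.STC.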