Is there a way to prevent job purge access while allowing job cancel access in SDSF for some users that have operator command and JES2.CANCEL.- access as shown below?

NP   JOBNAME  JobID    Owner    Prty Queue      C   Pos SAff  ASys Status
  C   stcname STC06075 stc    1 PRINT           48 -> Should have access to Cancel the job
  p    stcname STC06099 stc    1 PRINT          51 -> Should not have access to Purge the job

Release : 16.0

Component : ACF2 for z/OS

From ACF2 standpoint, both CANCEL and PURGE commands drive the resource call with same resource name as shown below:

Purge command:

ROPR-JES2.CANCEL.STC                             LOG  ROPR-JES2

ABC          DEFGFHR    SDSF     SYSX ACF9CAUT RULE        -     DIRECTRY UPDT

22.221 08/09 07.38    JES2     ABC XYZ                0   0   4   0   4

SAF RESOURCE CLASS OPERCMDS

RESOURCE NAME: JES2.CANCEL.STC

LOG STRING:    $CS(6099),P

Cancel command:

ROPR-JES2.CANCEL.STC                             LOG  ROPR-JES2

ABC          DEFGFHR   SDSF     SYSX ACF9CAUT RULE        -     DIRECTRY UPDT

22.221 08/09 08.13    JES2     ABC XYZ                0   0   4   0   4

SAF RESOURCE CLASS OPERCMDS

RESOURCE NAME: JES2.CANCEL.STC

LOG STRING:    $CS(6075)

Hence, there are no resource rule or validations that can be changed in ACF2.

The recommendation is to check with IBM to see if there is a SDSF configuration option that would cause unique resource validations for CANCEL and PURGE.