When connecting to the FTP server, users are no longer able to use FILETYPE=JES to transfer to the JES queue. ACF2 violations occur for RSER-EZB.sysname.daemon.ACCESS.JES.
Is the requirement for a security rule new with z/OS 2.4?
Release : 16.0
Component : ACF2 for z/OS
The SERVAUTH resource class for resource EZB.FTP.sysname.ftpdaemonname.ACCESS.JES is a resource validation call that FTP to control access to FTP JES mode. z/OS 2.5 and z/OS V2R4 Communications Server, with APAR PH42618, supports
this new SAF resource in the SERVAUTH class to control which users are allowed to access FTP JES mode.
The IBM documentation recommends the following for this resource validation for FTP JES:
To code an ACF2 resource rule for this EZB resource, sites can run the ACFRPTRV report to obtain the details on the violation, such as access SERVice(Read,Add,Update,Delete or Execute) and UID string. Here is a sample rule:
RECKEY EZB ADD( sysname.daemon.ACCESS.JES UID(uuuuuuuuuuuu) SERVICE(xxxxxx) ALLOW)
where uuuuuuuuuuuu is the UID string and xxxxxxx is the SERV from the ACFRPTRV report.