ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Can CA ACF2 protect who submits specific jobs?


Article ID: 37587


Updated On:


ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit



Can CA ACF2 protect who submits specific jobs?


Yes, with a JES2 validation call under the JESJOBS class. A SAFDEF may be needed to turn on the validation, and the resource name is in the format of:

'SUBMIT.node name.jobname.userid' SUBMIT is the only hard fast name and the other 3 fields are variable. A sample rule would look like this:

PRODNODE.PRODJOB.PRODID UID(your uid string) ALLOW *** This rule allows you to submit the production job ***
PRODNODE.PRODJOB.PRODID UID(-) PREVENT *** This rule does not allow anyone else to submit production ***
- UID(-) ALLOW *** This rule line allows all other jobs

Additional Information:


Details on the JESJOBS resource class can be found in the CA ACF2 for z/OS Administration Guide, Chapter 21: JES Security Overview, Section 'Security Classes' sub-section 'JESJOBS'. 


Component: ACF2MS