Question:
How do you protect instream operator commands in JES2? In JCL, you can enter operator commands after the // and a space like this:
// D A,L
// COMMAND 'D A,L'
// F STC,CLOSE
Answer:
The JES2 address space submits the command, but on behalf of the user. The ACEE that is passed is the user's, and that is the ID that will be validated. Running a SECTRACE with FORMAT=DUMP shows this:
CAS21D0I TRACEID: TEST EVENT#: 00007357
CAS21D0I JOBNAME: JES2 USERID: JES2 ASID: 0019
CAS21D1I PROGRAM: HOSCNVT RB CURR: SVC034 APF: YES SFR/RFR: N/A
CAS2200I RACROUTE REQUEST=AUTH,REQSTOR=(=>)'IEE3503D',
CAS2200I SUBSYS=(=>)'CONSOLE',CLASS=(=>)'OPERCMDS',RELEASE=1.9,
CAS2200I STATUS=NONE,ACEE=(STRUCTURE,=>,7F25F058),ATTR=READ,
CAS2200I DSTYPE=(DEFAULT)N,DECOUPL=YES,
CAS2200I ENTITY=((=>)'MVS.DISPLAY.JOB'),FILESEQ=0,GENERIC=ASIS,
CAS2200I LOG=ASIS,LOGSTR=(=>)'D A,L',MSGRTRN=YES,MSGSP=1,
CAS2200I MSGSUPP=YES,TAPELBL=STD,
CAS2200I WORKA=(STRUCTURE SAFWORKA,=>,7F39E9B8)
CAS2203I ACEE DATA AREA FOLLOWS
CAS2204I 7F25F058 +000 C1C3C5C5 FF000258 03000000 7F273188 *ACEE........"..h*
CAS2204I 7F25F068 +010 00000000 07E3C5E2 E3C9C440 4007D2E6 *.....TESTID  .KW*
So normal operator command rules would apply. See the ACF2 Administrator Guide for more information on protecting Operator Commands.
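To read a trace like the one above mechanically, this added example (not part of the original answer or of ACF2) parses the SECTRACE lines and decodes the EBCDIC ACEE dump, showing that the address space is JES2 while the ID validated against OPERCMDS is the submitting user. The user ID offset (+X'15', 8 bytes) is assumed from the standard IHAACEE mapping, and the function name parse_sectrace is hypothetical.

```python
import re

# Trace lines taken from the answer above, wrapped dump lines rejoined.
TRACE = """\
CAS21D0I JOBNAME: JES2 USERID: JES2 ASID: 0019
CAS2200I RACROUTE REQUEST=AUTH,REQSTOR=(=>)'IEE3503D',
CAS2200I SUBSYS=(=>)'CONSOLE',CLASS=(=>)'OPERCMDS',RELEASE=1.9,
CAS2200I STATUS=NONE,ACEE=(STRUCTURE,=>,7F25F058),ATTR=READ,
CAS2200I ENTITY=((=>)'MVS.DISPLAY.JOB'),FILESEQ=0,GENERIC=ASIS,
CAS2200I LOG=ASIS,LOGSTR=(=>)'D A,L',MSGRTRN=YES,MSGSP=1,
CAS2204I 7F25F058 +000 C1C3C5C5 FF000258 03000000 7F273188 *ACEE........"..h*
CAS2204I 7F25F068 +010 00000000 07E3C5E2 E3C9C440 4007D2E6 *.....TESTID  .KW*
"""

ACEEUSRI_OFFSET = 0x15  # assumption: 8-byte user ID field per the IHAACEE mapping
DUMP_RE = re.compile(r"^CAS2204I\s+[0-9A-F]{8}\s+\+([0-9A-F]+)\s+((?:[0-9A-F]{8}\s+)+)")
PARM_RE = re.compile(r"(\w+)=\(+=>\)'([^']*)'")  # KEY=(=>)'value' or KEY=((=>)'value')

def parse_sectrace(text):
    """Return who issued the SAF call and which ID and resource were validated."""
    parms, acee, caller = {}, bytearray(), None
    for line in text.splitlines():
        if line.startswith("CAS21D0I") and "USERID:" in line:
            caller = re.search(r"USERID:\s*(\S+)", line).group(1)
        elif line.startswith("CAS2200I"):
            parms.update(PARM_RE.findall(line))
            attr = re.search(r"\bATTR=(\w+)", line)
            if attr:
                parms["ATTR"] = attr.group(1)
        elif (m := DUMP_RE.match(line)):
            offset = int(m.group(1), 16)
            if offset != len(acee):  # dump rows must be contiguous
                raise ValueError("gap in ACEE dump at +%03X" % offset)
            acee += bytes.fromhex("".join(m.group(2).split()))
    if acee[:4].decode("cp037") != "ACEE":  # EBCDIC eye-catcher check
        raise ValueError("ACEE eye-catcher not found")
    user = acee[ACEEUSRI_OFFSET:ACEEUSRI_OFFSET + 8].decode("cp037").strip()
    return {"address_space_user": caller, "validated_user": user,
            "class": parms.get("CLASS"), "entity": parms.get("ENTITY"),
            "access": parms.get("ATTR"), "command": parms.get("LOGSTR")}

if __name__ == "__main__":
    for key, value in parse_sectrace(TRACE).items():
        print(f"{key:20} {value}")
```

The gap between address_space_user and validated_user in the output is the point of the answer: access to the OPERCMDS entity is decided by the submitting user's ID, not by JES2's.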