How to protect the SJ command?
search cancel

How to protect the SJ command?

book

Article ID: 50493

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

We want to remove the authorization of the SJ command in front of a job which has already run.

We cannot find this under SDSF documentation.

Solution:

To protect SJ you have to use JESSPOOL class as follows: 

   Resource Name                          Class       Access    
    nodeid.userid.jobname.jobid.JCL        JESSPOOL     READ

Then e.g:

   TSS ADD(anydept) JESSPOOL(*.)    
    
    TSS PER(ALL) JESSPOOL(*.%) ACCESS(ALL)

These commands should allow any user to have all access to their own JESSPOOL resources and no access to others.

Environment

Release:
Component: AWAGNT
Powered by Wolken Software