How to protect the SJ command?

book

Article ID: 50493

calendar_today

Updated On:

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

We want to remove the authorization of the SJ command in front of a job which has already run.

We cannot find this under SDSF documentation.

Solution:

To protect SJ you have to use JESSPOOL class as follows:

   Resource Name                          Class       Access    
    nodeid.userid.jobname.jobid.JCL        JESSPOOL     READ

Then e.g:

   TSS ADD(anydept) JESSPOOL(*.)    
    
    TSS PER(ALL) JESSPOOL(*.%) ACCESS(ALL)

These commands should allow any user to have all access to their own JESSPOOL resources and no access to others.

Environment

Release:
Component: AWAGNT