search cancel

Security consideration relating to JESINTERFACELEVEL=2

book

Article ID: 52932

calendar_today

Updated On:

Products

Compress Data Compression for MVS Compress Data Compression for Fujitsu Datacom DATACOM - AD Mainframe Software Manager (Chorus Software Manager) MICS Resource Management CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware

Issue/Introduction

Description:

CA Mainframe Software Manager requires the Communication Server FTP parameter JESINTERFACELevel be set to '2'. If this is not your current setting, security for SPOOL/SDSF must be considered before making this change.

Solution:

While most environments already have JES and SDSF security rules in place, before making a change to the JESINTERFACELevel value, your Security Administrator should be consulted. If JESINTERFACELevel is set to 2, then FTP clients have the ability to retrieve and delete any job in the system permitted by the Security Access Facility (SAF) resource class JESSPOOL. For that reason, JESINTERFACELevel=2 should be specified only if the proper JES and SDSF security measures are in place to protect access to JES output.

Please refer to the IBM Manual z/OS Communications Server IP User's Guide and Commands R1.9 SC31-8780-07.

Environment

Release:
Component: MSM