Security consideration relating to JESINTERFACELEVEL=2

book

Article ID: 52932

calendar_today

Updated On:

Products

CA Compress Data Compression for MVS CA Compress Data Compression for Fujitsu CA Datacom CA DATACOM - AD CA Mainframe Software Manager (Chorus Software Manager) CA MICS Resource Management CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Datacom/AD

Issue/Introduction

Description:

CA Mainframe Software Manager requires the Communication Server FTP parameter JESINTERFACELevel be set to '2'. If this is not your current setting, security for SPOOL/SDSF must be considered before making this change.

Solution:

While most environments already have JES and SDSF security rules in place, before making a change to the JESINTERFACELevel value, your Security Administrator should be consulted. If JESINTERFACELevel is set to 2, then FTP clients have the ability to retrieve and delete any job in the system permitted by the Security Access Facility (SAF) resource class JESSPOOL. For that reason, JESINTERFACELevel=2 should be specified only if the proper JES and SDSF security measures are in place to protect access to JES output.

Please refer to the IBM Manual z/OS Communications Server IP User's Guide and Commands R1.9 SC31-8780-07.

Environment

Release:
Component: MSM