We want to provide CANCEL authority to each user so that they can cancel jobs, but we do not want to provide PURGE authority to purge the joblog.
We defined READ authority for JESSPOOL in order to deter PURGE of the joblog, but we received the following security error message.
Please tell me how to set it up.
Current definition:
JESJOBS CANCEL.*.&RACUID.* ALTER
JESSPOOL *.user%%%.* READ
Security message:
ICH408I USER(userid) GROUP(group) NAME(user name) nnn
localnode.userid.jobname.jobid CL(JESSPOOL)
INSUFFICIENT ACCESS AUTHORITY FROM *.user%%%.* (G) ACCESS INTENT (CONTROL) ACCESS ALLOWED (READ)
In the RACF/SDSF world, the authority to CANCEL a job is equal to the authority required to PURGE a job. However, Roscoe does not have any setting to perform the task exactly as you want.
Using the OUTEXIT (Extended Facilities for System Programmers Guide), you might be able to build some type of table to ascertain which command is being issued and manage it with the OUTEXIT. However, this may not be easy to maintain and automate. It is a possible option.
Please see the 'OUTEXIT Job Output Exit' of the 'Extended Facilities for System Programmers Guide' for more information.
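For triaging violations like the one in the question, the sketch below pulls the requested and granted access levels out of ICH408I messages and reports the gap between them. It is an added example, not part of the original question or answer; the function name `parse_ich408i` and the sample log text (constructed from the placeholder message above) are assumptions.

```python
import re

# RACF access levels, lowest to highest.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

# Constructed sample, built from the placeholder message quoted in the question.
SAMPLE = """\
ICH408I USER(userid) GROUP(group) NAME(user name)
  localnode.userid.jobname.jobid CL(JESSPOOL)
  INSUFFICIENT ACCESS AUTHORITY
  FROM *.user%%%.* (G)
  ACCESS INTENT (CONTROL) ACCESS ALLOWED (READ)
"""

# \s* before the parentheses accepts both "INTENT(CONTROL)" and the
# "INTENT (CONTROL)" spelling used on this page.
PATTERN = re.compile(
    r"ICH408I\s+USER\((?P<user>[^)]*)\)\s+GROUP\((?P<group>[^)]*)\)"
    r"\s+NAME\((?P<name>[^)]*)\).*?"
    r"(?P<resource>\S+)\s+CL\((?P<cls>[^)]*)\).*?"
    r"FROM\s+(?P<profile>\S+).*?"
    r"ACCESS INTENT\s*\((?P<intent>\w+)\)\s+ACCESS ALLOWED\s*\((?P<allowed>\w+)\)",
    re.DOTALL,
)

def parse_ich408i(log_text):
    """Return one dict per ICH408I insufficient-authority message."""
    findings = []
    for m in PATTERN.finditer(log_text):
        f = m.groupdict()
        need, have = LEVELS.index(f["intent"]), LEVELS.index(f["allowed"])
        # Levels the matching profile does not grant but the request needed.
        f["shortfall"] = LEVELS[have + 1 : need + 1]
        parts = f["resource"].split(".")
        if f["cls"] == "JESSPOOL" and len(parts) >= 4:
            # JESSPOOL resource names begin node.owner.jobname.jobid
            f["job_owner"], f["jobname"], f["jobid"] = parts[1:4]
        findings.append(f)
    return findings

if __name__ == "__main__":
    for f in parse_ich408i(SAMPLE):
        print(f"{f['user']} on {f['resource']} ({f['cls']}): profile "
              f"{f['profile']} allows {f['allowed']}, request needed "
              f"{f['intent']}; missing {f['shortfall']}")
```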