How to secure who can submit a batch job in ACF2 where the jobname starts with a specific letter
Article ID: 14303
Updated On:
Products
ACF2
ACF2 - z/OS
ACF2 - MISC
Issue/Introduction
How can you secure who can submit a batch job where the jobname starts with a specific letter?
Resolution
JESJOBS validation controls both job submit and job cancel activity. The resource name format is:
SUBMIT.nodename.jobname.userid
CANCEL.nodename.userid.jobname
To validate the JESJOBS Resource Class validations an ACF2 GSO SAFDEF, CLASMAP and resource rule can be implemented.
- The default resource type for JESJOBS is SAF. If you want to use a different type code, insert a GSO CLASMAP record as follows:
ACF
SET CONTROL(GSO)
INSERT CLASMAP.jjobs RESOURCE(JESJOBS) RSRCTYPE(job)
F ACF2,REFRESH(CLASMAP)
Where job is the type code you select. - Write resource rules for JESJOBS SUBMIT resource SUBMIT.nodename.jobname.userid
ACF
SET RESOURCE(job)
RECKEY SUBMIT ADD( -.P- UID( user001 ) PREVENT
RECKEY SUBMIT ADD( - UID(*) ALLOW)
The above RECKEY commands will create the following resource rule that allows all logonids to submit any job and prevent logonid USER001 from submitting any Jobname that starts with the letter P.
$KEY(SUBMIT) TYPE(JOB)
*-.P- UID( USER001 ) PREVENT
- UID(*) ALLOW - Insert a GSO SAFDEF record to enable the SAF calls:
ACF
SET CONTROL(GSO)
INSERT SAFDEF.jjobs ID(jjobs) RACROUTE(REQUEST=AUTH,CLASS=JESJOBS)
F ACF2,REFRESH(SAFDEF)
Additional Information
Additional information can be found in the ACF2 documentation section JESJOBS
Feedback
Yes
No
Powered by
