Beyond the standard CA ACF2 JES security interface, there are other security
calls that you can enable. These security calls are made using the System
Authorization Facility (SAF).
JESJOBS validation controls both job submit and job cancel activity. The
resource name format is:
To validate the JESJOBS Resource Class validations an ACF2 GSO SAFDEF, CLASMAP
and resource rule can be implemented.
- The default resource type for JESJOBS is SAF. If you want to use a different type
code, insert a GSO CLASMAP record as follows:
INSERT CLASMAP.jjobs RESOURCE(JESJOBS) RSRCTYPE(job)
Where job is the type code you select.
- Write resource rules for JESJOBS SUBMIT resource SUBMIT.nodename.jobname.userid
RECKEY SUBMIT ADD( -.P- UID( user001 ) PREVENT
RECKEY SUBMIT ADD( - UID(*) ALLOW)
The above RECKEY commands will create the following resource rule that allows
all logonids to submit any job and prevent logonid USER001 from submitting any
Jobname that starts with P.
-.P- UID( USER001 ) PREVENT
- UID(*) ALLOW
- Insert a GSO SAFDEF record to enable the SAF calls:
INSERT SAFDEF.jjobs ID(jjobs) RACROUTE(REQUEST=AUTH,CLASS=JESJOBS)