How to avoid security violations when validating JCL members using CA JCLCheck Workload Automation?

Document ID : KB000024034
Last Modified Date : 14/02/2018
Show Technical Document Details

Summary:

This Knowledge Document explains how to avoid USERID suspension due to excessive security violations when validating JCL members using CA JCLCheck Workload Automation.

Instructions:

The CA JCLCheck Workload Automation programs must be given READ access to all input sources during JCL validation. Input sources are the JCL libraries, procedure libraries, utility control members, catalogs, volumes, joblib, steplib, and linklist libraries. This requirement is true regardless of the use of the SECURITY runtime option.

The CA JCLCheck Workload Automation "SECURITY" runtime option is used to request support of the pre-validation of the security environment. This means that CA JCLCheck Workload Automation interfaces with the external security program (such as CA ACF2, CA TOP SECRET, IBM RACF) to verify that the submitting USERID has the proper authority to access the programs, procedures, data sets, volumes, and catalogs referenced in the validating JCL member. Userid suspension occurs due to excessive security violations and can be avoided by using the sub-parameter NOLOG. Example: SECURITY(NOLOG) or SEC(NOLOG).

Additional Information: 

  • CA JCLCheck Workload Automation Command Reference Guide, Chapter 3 - Description of Runtime Options.
  • CA JCLCheck Workload Automation Programming Guide, Chapter 3 - Special Usage Considerations - Security Pre-validation.

As always, please contact CA Technologies support for CA JCLCheck Workload Automation if you have further questions.