Users can create their own JESSPOOL profiles if
they have CLAUTH authority to the JESSPOOL class. If your installation
decides to put the SETROPTS GENERICOWNER option into effect, you can
restrict each user to creating JESSPOOL profiles only for his or her
own spool data.
To do this, perform the following steps:
- Issue this command:
SETROPTS GENERICOWNER
- To prevent all users except the system administrator
from being able to create JESSPOOL profiles, issue either of the following
commands:
RDEFINE JESSPOOL ** OWNER(sys_admin_id) UACC(NONE)
RDEFINE JESSPOOL * OWNER(sys_admin_id) UACC(NONE)
- For each user who should be able to create JESSPOOL
profiles for his or her own spool data, create a JESSPOOL profile
with the user's user ID specified. Make the user the owner of the
profile. For example, for users SMITH and BEN:
RDEFINE JESSPOOL nodename.SMITH.** OWNER(SMITH) UACC(NONE)
RDEFINE JESSPOOL nodename.BEN.** OWNER(BEN) UACC(NONE)
Note: These
examples assume that a SETROPTS GENERIC(JESSPOOL) was previously issued
to turn generics on for this class and that a SETROPTS REFRESH was
then done.
- Give users CLAUTH authority to the JESSPOOL class:
ALTUSER SMITH CLAUTH(JESSPOOL)
ALTUSER BEN CLAUTH(JESSPOOL)
- Users with CLAUTH authority can define their own JESSPOOL
profiles:
RDEFINE JESSPOOL profile-name OWNER(SMITH) UACC(NONE)
RDEFINE JESSPOOL profile-name OWNER(BEN) UACC(NONE)
where profile-name is
more specific than the JESSPOOL profile name you defined for this
user in Step 3.
- After defining their own JESSPOOL profiles, the users
with CLAUTH can use the following PERMIT command to grant other users
access to the spool data sets protected by that profile:
PERMIT profile-name CLASS(JESSPOOL)
ID(userid|groupname)
ACCESS(access-authority)
where access-authority is
one of the following: - NONE
- Gives the user no access.
- READ
- Lets the user view the spool data set, but does not let
the user change the data set's contents or attributes. For example,
READ does not allow the following operands on the TSO OUTPUT
command: DELETE, DEST, NEWCLASS, NOHOLD, and NOKEEP.
- UPDATE
- Lets the user read or update the contents of a spool data set.
UPDATE does not allow the user to change the data set's attributes.
UPDATE also allows users to update spool data sets opened by an application
in the same address space.
- CONTROL
- Is equivalent to UPDATE.
- ALTER
- Lets the user read or update a spool data set or change the attribute
of a spool data set. For example, ALTER allows any operand to be specified
on the TSO OUTPUT command, including operands for deleting and printing.
Also, when specified for a discrete profile, ALTER lets the user change
the profile itself.
Note: If SDSF is installed on your system, JESSPOOL profiles control
which action characters and overtypeable fields users can enter on
SDSF panels. For complete information on creating JESSPOOL profiles
for use with SDSF, see
z/OS SDSF Operation and Customization.