Prerequisites and security considerations
To submit JCL to the Job Monitor, the Job Monitor must be running on the same system as the build agent.
When JCL is submitted using the build agent and Job Monitor, you can control what user the JCL is submitted under by whether the build agent is started by a super user or non-super user and by which configuration parameters you use in bfagent.conf.
To configure the communication between the Job Monitor and the build agent, you can use either the jcl_submit_user parameter or the enable_credential_retention parameter and thejob_monitor_port parameter set to appropriate values in the bfagent.conf configuration file.
where userid is the system ID of the user submitting jobs, and encrypted_password is an encrypted version of that user password. You can find the encrypted form of the password by running the following line at the z/OS® UNIX System Services command prompt:
where password is the password to be encrypted. The command will print a text string containing the encrypted value. The result will be similar to the following:
bfagent –e password
where XXXX is the Job Monitor port. This port should match your SERV_PORT setting for Job Monitor, which is set to 6716 in the hlq.SBLZSAMP(BLZJNCFG) file, or it should match your existing IBM® Developer for z/OS Job Monitor port.
want to be able to submit JCL with the credentials of different users,
use the enable_credential_retention option instead
of jcl_submit_user. When the enable_credential_retention
is enabled the agent reuses the credentials used to authenticate with
the agent when the agent authenticates with the Job Monitor. Individual
users can submit JCL builds under their authority by using the Build
Agent Authentication Overrides options when submitting
the build. To use the enable_credential_retention option,
the build agent must be started by a super user.
you have both enable_credential_retention and jcl_submit_user enabled,
then jcl_submit_user takes precedence. In either
case, you can still explicitly specify the user ID and password using
-u option to
.submitJCL, specified as:
- jcl_submit_user data in
- Credentials used to authenticate with the agent either listed
on the Build Agent tab of the build engine definition
or from the Build Agent Authentication Overrides if enable_credential_retention is
- If the build agent is started by a super user:
- The build agent definition can use a super user or non-super user
- The priority for evaluating JCL submission is:
- The enable_credential_retention will allow you to override the user using Build Agent Authentication Overrides
- If the build agent is started by a non-super user:
- You can use
- If you enable magic_login and enable_credential_retention, JCL will run under the magic_login user but you cannot override
- You can use