Protecting operator authority by destination
The resources are shown in Table 1.
| Action Characters and Overtypeable Fields | Resource Name | Class | Access |
|---|---|---|---|
| //, =, +, ? or Q action characters on the DA, H, I, JDS, J0, O, and ST panels | No security checking is done. | N/A | N/A |
| S, X, or V action characters on the H, I, JDS, J0, O, and ST panels | ISFOPER.DEST.jesx<br>ISFAUTH.DEST.destname.DATASET.dsname | SDSF | READ<br>READ |
| S, X, or V action characters on the DA panel | ISFOPER.DEST.jesx<br>ISFAUTH.DEST..DATASET.dsname | SDSF | READ<br>READ |
| D or L action characters on the H, I, O, and ST panels | ISFOPER.DEST.jesx<br>ISFAUTH.DEST.destname | SDSF | READ<br>READ |
| D or L action characters on the DA panel | ISFOPER.DEST.jesx<br>ISFAUTH.DEST. | SDSF | READ<br>READ |
| All others on the H, I, JDS, J0, O, and ST panels | ISFOPER.DEST.jesx<br>ISFAUTH.DEST.destname | SDSF | READ<br>ALTER |
| All others on the DA panel | ISFOPER.DEST.jesx<br>ISFAUTH.DEST. | SDSF | READ<br>ALTER |
If the user does not have authority to both of the required resources, then the user must have access to the individual job or data set defined in the JESSPOOL class.
If your installation is performing SECLABEL checking, a user must be logged on with the appropriate SECLABEL in order to access the JESSPOOL resources even if the user has operator authorization. For more information about SECLABEL checking, see z/OS Security Server RACF Security Administrator's Guide.
The authority level (READ or ALTER) must be the same as the authority for the JESSPOOL resources, as described in Jobs, job groups, output groups, and SYSIN/SYSOUT data sets.
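The following RACF commands are an added illustration of the table above, not taken from the original page. They assume a JES2 system (so jesx is JES2), a constructed destination name RMT1, two hypothetical groups HELPDSK and OPSGRP, and that the SDSF class is active, RACLISTed, and enabled for generic profiles.

```tso
/* Constructed example: RMT1, HELPDSK and OPSGRP are hypothetical names. */

/* First required resource: operator authority by destination on JES2.   */
RDEFINE SDSF ISFOPER.DEST.JES2 UACC(NONE)
PERMIT ISFOPER.DEST.JES2 CLASS(SDSF) ID(HELPDSK OPSGRP) ACCESS(READ)

/* Second required resource for D, L and "all others" on destination     */
/* RMT1 (H, I, O and ST panels).                                          */
RDEFINE SDSF ISFAUTH.DEST.RMT1 UACC(NONE)
/* READ: D and L action characters only.                                  */
PERMIT ISFAUTH.DEST.RMT1 CLASS(SDSF) ID(HELPDSK) ACCESS(READ)
/* ALTER: all other action characters and overtypeable fields.           */
PERMIT ISFAUTH.DEST.RMT1 CLASS(SDSF) ID(OPSGRP) ACCESS(ALTER)

/* Second required resource for S, X and V (browse and print) of data    */
/* sets routed to RMT1. The generic ** stands for the dsname qualifiers. */
RDEFINE SDSF ISFAUTH.DEST.RMT1.DATASET.** UACC(NONE)
PERMIT ISFAUTH.DEST.RMT1.DATASET.** CLASS(SDSF) ID(HELPDSK OPSGRP) ACCESS(READ)

/* Make the new profiles effective in the in-storage copy of the class.  */
SETROPTS RACLIST(SDSF) REFRESH
```

A user who holds only one resource of a pair (for example, READ to ISFAUTH.DEST.RMT1 but no access to ISFOPER.DEST.JES2) does not get operator authority by destination, and the request is then decided by the JESSPOOL profile for the individual job or data set.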