Authorizing jobs

You can control which network jobs are authorized for processing at your installation based on the userid, groupid, or security label associated with the inbound job.

To authorize or restrict jobs entering your system from another node, ask your security administrator to define a NODES profile that specifies the criteria upon which jobs are accepted. Provide your security administrator with the following information:

The node name from which you expect jobs.
The user ID or group ID from which you expect jobs.
The security labels that you will accept.
The universal access value, which determines how JES2 will process the job. Table 1 lists the universal access values you can assign and defines the validation that RACF® performs.

Table 1. NODE class keywords and the UACC meaning for inbound jobs
Type of check (keyword)	UACC
Type of check (keyword)	NONE	READ	UPDATE	CONTROL or greater
userid (USERJ)	Fails the job	Verifies all security information available including password validation.	If non-default valid security information exists, uses the submitter's or translated security information as the owning security information without revalidation.	Same as UPDATE, but default security information is allowed.
groupid (GROUPJ)	Fails the job	Translates GROUPID to that specified in ADDMEM. If ADDMEM is not specified, uses the group ID received.
security label (SECLJ)	Fails the job	Translates SECLABEL to that specified in ADDMEM. If ADDMEM is not specified, uses the security label received.

Note: If no profile exists for a job when the NODES class is active or if the RACF NODES class is inactive, RACF performs only userid, groupid, and password validation without performing any translation.