JES2 does not validate work passing through your node on its way to another node in the network, but it does protect the work from unauthorized access while the work is temporarily stored at your node.

To provide security for Networking Job Entry (NJE), have your security administrator activate the RACF NODES class (for inbound work) or the RACF WRITER class (for outbound work), and define the profiles needed to enforce your installation's networking security policy. As with other RACF-protected resources, you must provide your security administrator with specific information needed to define profiles.

Before you can provide this information, you must first decide whether you want to protect inbound work, outbound work, or both. For inbound work, you must decide whether you want to protect jobs, SYSOUT, or both. You must also determine which users or groups of users you will allow to submit work, and the security labels that are valid for processing on your node.

If a WRITER class profile does not release SYSOUT to a device, JES2 does not issue a message. To issue messages, see Exit 36 in z/OS JES2 Installation Exits.