z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Example: Simple NJE user translation using &SUSER

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Figure 1 shows how user IDs are translated when &SUSER is specified on the ADDMEM operand. This can be useful when jobs are run on a remote system, but the output is printed on the submitter's system.

Note: If you want, you could specify &SUSER on a third system (as in node C in Figure 1).
Figure 1. Example: Simple NJE user translation using &SUSERExample: Simple NJE user translation using &SUSER

User X is known as user Y on node B. In this example, user X on node A submits a job that runs on node B. The output is returned to user X's home node (node A) to be printed.

On node B, the existence of a NODES profile named A.USERJ.X with UACC(UPDATE) and ADDMEM(Y) means that jobs from user X at node A are to be executed under user Y.

On node A, the existence of a NODES profile named B.USERS.Y with UACC(UPDATE) and ADDMEM(&SUSER) means that SYSOUT from user Y at node B is to be owned by the user who originally submitted the job, provided the second lookup is successful. The second lookup involves the submitter of the job (X) and the node that he submitted it from (A). Therefore, on node A, the existence of a NODES profile named A.USERS.X with UACC(CONTROL) and ADDMEM(&SUSER) means that the SYSOUT is to be owned by user X.

Parent topic: Translating security information

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014