To protect JESNEWS for JES3, perform the following steps:
- Ask the JES3 system programmer for the following information:
- The fully qualified name for the JESNEWS file to be protected.
- The universal access authority to be associated with each JESNEWS
file. For JESNEWS, this value should always be READ to allow all JES
users to receive JESNEWS.
- The user IDs or group names of operators and users that are to
be authorized to update JESNEWS. Assign each of these users an access
authority of UPDATE.
- The security label to be associated with each JESNEWS file (if
security labels are being used). For JESNEWS, this value should always
be the lowest security label (SYSLOW) to allow JESNEWS to be printed
for all users.
- Create profiles as indicated by the JES3 system programmer. For
example:
RDEFINE JESSPOOL node.jesname.JOB00000.D0000000.JNEWSLCL UACC(READ)
RDEFINE JESSPOOL node.jesname.JOB00000.D0000000.JNEWSRJP UACC(READ)
RDEFINE JESSPOOL node.jesname.JOB00000.D0000000.JNEWSTSO UACC(READ)
Note: To
improve system performance, you should consider including
entries for JESNEWS in the global access checking table. For example:
node.jesname.JOB00000.D0000000.JNEWSLCL/READ
node.jesname.JOB00000.D0000000.JNEWSRJP/READ
node.jesname.JOB00000.D0000000.JNEWSTSO/READ
- For users who must update JESNEWS, give UPDATE authority:
PERMIT profile-name CLASS(JESSPOOL) ID(userid or groupname) ACCESS(UPDATE)
z/OS Security Server RACF Security Administrator's Guide
Copyright IBM Corporation 1990, 2014