z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling access to data sets JES uses

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

The JES spool and checkpoint data sets are critical for proper operation of your JES system. It is critical that JES be the only user that can update the information in these data sets. However, a limited group of users must be able to re-create the spool and checkpoint data sets (should the data set become unusable because of hardware problems). Also, restrict access to the data set that contains the modules that JES uses. Make sure profiles exist for any data sets you might use for JES2 checkpoint reconfiguration.

You can define data set profiles to protect the system data sets that JES uses to control its own processing. Protecting your installation's system data sets prevents unauthorized users or jobs from accessing, modifying, or destroying critical system data.

The JES system programmer should supply you with the following information for each data set to be protected:
  • The name of the data set
  • The universal access authority to be associated with the data set
  • The security label to be associated with the data set (if labels are being used)
  • Whether audit records should be generated:
    • Each time the data is accessed
    • When an unauthorized attempt is made to access the data set
    • When an authorized attempt is made to access the data set

Make sure to define JES as a started procedure with the trusted attribute. See Defining JES as a RACF started procedure.

Parent topic: Providing security for JES

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014