JES3

JES3 provides the following support for multilevel security:

• All JES3 operator commands are auditable.
• JES3 SYSIN and SYSOUT data sets can be accessed only by the user who created the data sets. However, the user can give explicit permission to access the data set to another user. When any user attempts to access the data, whether the original creator or someone else, JES3 ensures that if the data has a security label, the accessor has a security label that dominates the data's security label.
• The security administrator can protect the JES3 system data sets by assigning them a security label of SYSHIGH. The security administrator can audit accesses to these data sets.
• The security administrator can control submission of work through a particular JES3 input device.
• The security administrator can control what data is output to a particular JES3 output device. To provide even more control, the security administrator can permit only certain owners of data to print the data at a particular output device.