Surrogate job submission

In a multilevel-secure system it is important that users do not share user IDs and passwords, in order to ensure accountability. If you need to allow a user to submit a job on behalf of another user, you can set up surrogate job submission. Profiles in the SURROGAT resource class specify that a user (the surrogate user) is able to submit a job on behalf of another user (the execution user). The surrogate user does not need to supply the execution user's password, but must have read access to the security label under which the job runs. The job runs with the user ID that the jobcard specifies, not the surrogate user's user ID. The audit record for surrogate job submission identifies both the surrogate user and the jobcard user ID.

To define which jobs are allowed to be submitted by surrogate users, the security administrator creates a profile for each appropriate job in the SURROGAT resource class, and permits the submitting user to the access list in the specific job profile with at least READ access.

For information about surrogate job submission, see z/OS Security Server RACF Security Administrator's Guide.