Access to spool files
You can access and manage permissions for all spool files through Job Monitor.
By default, you have browse access to all spool files
through Job Monitor. You can change this with the LIMIT_VIEW directive,
as documented in Job Monitor configuration file BLZJCNFG.
| Job owner | ||
|---|---|---|
| LIMIT_VIEW | User | Other |
| USERID | Allowed | Not allowed |
| NOLIMIT (default) | Allowed | Allowed if permitted by security profiles, or when the
JESSPOOL class is not active. |
To limit users to their own jobs on the JES spool, define
the LIMIT_VIEW=USERID statement in the Job Monitor configuration
file BLZJCNFG. If they need access to a wider range
of jobs, but not to all jobs, use the standard spool file protection
features of your security product, like the JESSPOOL class.
When
defining further protection, remember that Job Monitor uses SAPI (SYSOUT
application program interface) to access the spool. This means that
the user needs at least UPDATE access to the spool
files, even for browsing. This requisite does not apply if you run z/OS® 1.7 (z/OS 1.8 for JES3) or higher. Here, READ permission
is sufficient for browsing.
Refer to Security Server RACF® Security Administrator's Guide (SA22-7683) for more information about JES spool file protection.