Under RACF control, the JESSPOOL class profiles control what jobs the user
can view, modify (change class), or purge. One thing not supported under
RACF control is accessing a job based upon the JOB card NOTIFY= parameter.
That is only supported in native SDSF, and not supported under RACF.
Under RACF, users always have the ability to view or purge their own jobs.
That is, jobs that ran under their own UserID. If a user submitted a job
with USER= on the job card (a third-party job), they must have access via
the JESSPOOL profile that manages the job. The basic JESSPOOL format is
nodename.userid.jobname (with some additional suffixes....). For example,
if a user submits a job with USER=PAOLO, then the user needs ALTER access
to *.PAOLO.** to purge or cancel the job.
In a RACF controlled SDSF setup, you only need one or two SDSF groups. The
difference is that the security properties that you maintain in SDSF
natively are handled by RACF classes, and this reduces the SDSF groups
down to a smaller number. The only things that remain in the SDSF groups
are non-security settings like default prefix value, automatic refresh
rate, and other similar items.
Hayim
_____________________________________
Hayim Sokolsky, CISSP
Mainframe Security Architect
DTCC Corporate Information Security
18301 Bermuda Green Dr, MS 1-CIS
Tampa FL 33647-1760
Tel. (813) 470-2177
ITURIEL DO NASCIMENTO NETO <[email protected]>
Sent by: IBM Mainframe Discussion List <[email protected]>
2009.09.23 09:25
Please respond to
IBM Mainframe Discussion List <[email protected]>
To
[email protected]
cc
Subject
SDSF and RACF
Hi all,
Maybe it's a dumb question, but i would like to know how you do it.
In a SDSF environment not protected by RACF, using ISFPARMS you can have
several
skills (ISFOPER, ISFSPROG, ISFUSER,...) with different permitions.
I'm particularly interested in ISFUSER skill.
When you have RACF protecting SDSF resources, how do you allow users to
cancel only
jobs submited by them or with NOTIFY to them ?
Atenciosamente / Regards / Saludos
Ituriel do Nascimento Neto
Banco Bradesco S/A
4254 - DPCD Engenharia de Software
Sistemas Operacionais Mainframes
Tel: 55 11 4197-2021 R: 22021 Fax: 55 11 4197-2814
<HTML><font face="Tahoma" size="1"><HR>AVISO LEGAL <br>Esta mensagem é
destinada exclusivamente para a(s) pessoa(s) a quem é dirigida, podendo
conter informação confidencial e/ou legalmente privilegiada. Se você
não for destinatário desta mensagem, desde já fica notificado de
abster-se a divulgar, copiar, distribuir, examinar ou, de qualquer forma,
utilizar a informação contida nesta mensagem, por ser ilegal. Caso você
tenha recebido esta mensagem por engano, pedimos que nos retorne este
E-Mail, promovendo, desde logo, a eliminação do seu conteúdo em sua
base de dados, registros ou sistema de controle. Fica desprovida de
eficácia e validade a mensagem que contiver vÃnculos obrigacionais,
expedida por quem não detenha poderes de representação.
<HTML><font face="Tahoma" size="1"><HR>LEGAL ADVICE <br>This message is
exclusively destined for the people to whom it is directed, and it can
bear private and/or legally exceptional information. If you are not
addressee of this message, since now you are advised to not release, copy,
distribute, check or, otherwise, use the information contained in this
message, because it is illegal. If you received this message by mistake,
we ask you to return this email, making possible, as soon as possible, the
elimination of its contents of your database, registrations or controls
system. The message that bears any mandatory links, issued by someone who
has no representation powers, shall be null or void.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
<BR>_____________________________________________________________
<FONT size=2><BR>
DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted
by this email.</FONT>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
