You should not need an exit to accomplish an override of JESSPOOL by
specific users under SDSF. What you need to do is set up your systems
folks with "destination operator" authority, in the SDSF class profiles.
As to z/OS 1.11, nothing has changed. There was an error at z/OS 1.10/11
that has a PTF for authority issues - but this doesn't exactly match the
issue you are describing.
Hayim
_____________________________________
Hayim Sokolsky, CISSP
Mainframe Security Architect
DTCC Corporate Information Security
18301 Bermuda Green Dr, MS 1-CIS
Tampa FL 33647-1760
Tel. (813) 470-2177
IBM Mainframe Discussion List <[email protected]> wrote on 2011.01.24
10:52:10:
> Hello group,
>
> I'd be much appreciate that someone can help this SDSF problem.
>
> We recently migrated from z/OS 1.9 to 1.11 and some TSO users can't
access
> other people's spool output anymore.
>
> We have RACF JESSPOOL class activated and some users had profiles
defined to
> protect JOB output in spool. In order to have SYSPROG and Production
support
> to be able to access individual's job, we use ISFUSER to fall back using
> ISFPARMS.
>
> There is USERID/GROUP filter("GOD" user) in PRESAF exit point to set RC
to
> 04 and CMDAUTH(ALL) and DSPAUTH(ALL) are given in corresponding ISFGRP
> statements.
>
> It doesn't work anymore with z/OS 1.11.
>
> If there is an profile defined in JESSPOOL to protect such userid
output, I
> see ICH408I message in SYSLOG, doesn't matter it's a "GOD" or regular
user.
>
> If there is no profile defined in JESSPOOL for such userid, "GOD" user
has
> no problem to browse those user's job output.
>
> What changed in z/OS 1.11 SDSF?
>
> Thanks for your time/help.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
<BR>_____________________________________________________________
<FONT size=2><BR>
DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted
by this email.</FONT>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
