Sorry, if I got things confused. We have JESSPOOL class ACTIVE, but SDSF class INACTIVE.
There are a few profiles defined in class JESSPOOL. To allow certain user access job output even its RACF protected with JESSPOOL, we use PRESAF exit point in ISFUSER to set RC=04 (fall back to ISFPARMS); in ISFPARMS these users have been grouped and granted with CMDAUTH(ALL) and DSPAUTH(ALL). This way used to work on z/OS 1.9, but failed with ICH408I error (checking JESSPOOL) on z/OS 1.11. Could anyone help me find what's wrong here? Thanks. regards, Harry On Mon, 24 Jan 2011 11:36:45 -0500, Hayim Sokolsky <hsokol...@dtcc.com> wrote: >Even in native SDSF, you do not need an exit to give them "destination >operator" authority. You can give them CMDAUTH=DEST and DSPAUTH=ADEST, >along with DEST= pointing to a list of destinations that you are >authorizing. > > >Hayim >_____________________________________ >Hayim Sokolsky, CISSP > Mainframe Security Architect > DTCC Corporate Information Security > 18301 Bermuda Green Dr, MS 1-CIS > Tampa FL 33647-1760 > > Tel. (813) 470-2177 > >IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> wrote on 2011.01.24 >11:28:11: > >> Thanks Hayim, >> >> For some reasons that I unknown of, our shop has SDSF/GSDSF class >inactive. >> So this is not an option. >> >> regards, >> Harry >> >> >> On Mon, 24 Jan 2011 11:06:20 -0500, Hayim Sokolsky <hsokol...@dtcc.com> >wrote: >> >> >You should not need an exit to accomplish an override of JESSPOOL by >> >specific users under SDSF. What you need to do is set up your systems >> >folks with "destination operator" authority, in the SDSF class >profiles. >> > >> >As to z/OS 1.11, nothing has changed. There was an error at z/OS >1.10/11 >> >that has a PTF for authority issues - but this doesn't exactly match >the >> >issue you are describing. >> > >> > >> >Hayim >> >_____________________________________ >> >Hayim Sokolsky, CISSP >> > Mainframe Security Architect >> > DTCC Corporate Information Security >> > 18301 Bermuda Green Dr, MS 1-CIS >> > Tampa FL 33647-1760 >> > >> > Tel. (813) 470-2177 >> > >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO >> Search the archives at http://bama.ua.edu/archives/ibm-main.html > > ><BR>_____________________________________________________________ ><FONT size=2><BR> >DTCC DISCLAIMER: This email and any files transmitted with it are >confidential and intended solely for the use of the individual or >entity to whom they are addressed. If you have received this email >in error, please notify us immediately and delete the email and any >attachments from your system. The recipient should check this email >and any attachments for the presence of viruses. The company >accepts no liability for any damage caused by any virus transmitted >by this email.</FONT> > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO >Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
