SDSF & TSS (RACF)

Mon, 23 May 2022 13:55:56 -0700 

I am trying to convert our SDSF from using ISFPARMS to TSS for security.

I need some direction on how to provide security for reports.

Currently I am trying to use JESSPOOL to control access.
The customer is allowed to view all currently active and held output jobs but 
may only look at certain JOBS & REPORTS.

During testing I have this occurring:

The customer is trying to view this job (which the customer is not authorized)

COMMAND INPUT ===>
PREFIX=*  DEST=(ALL)  OWNER=*  SYSNAME=
NP   DDNAME   StepName ProcStep DSID Owner    C Dest
     JESMSGLG JES2                 2 TS0242   R LOCAL
     JESJCL   JES2                 3 TS0242   R LOCAL
     JESYSMSG JES2                 4 TS0242   R LOCAL

The above is displayed when I put a ? in the Held output screen.
This is just to show you the report has 3 different reports.

Then the customer goes back to the screen which shows the job name:

SDSF HELD OUTPUT DISPLAY ALL CLASSES LINES 55          LINE 1
COMMAND INPUT ===>
PREFIX=B1*  DEST=(ALL)  OWNER=*  SORT=JOBNAME/A  SYSNAME=
NP   JOBNAME  JobID    Owner    Prty C ODisp Dest
     B100042B JOB09087 TS0242    144 R HOLD  LOCAL


Then select the job and receives the following messages:

TSS7257E Unauthorized Access Level for JESSPOOL 
<ACSCM.TS0242.A200042B.JOB09143.D0000002.JESM>
TSS7257E Unauthorized Access Level for JESSPOOL 
<ACSCM.TS0242.A200042B.JOB09143.D0000003.JESJ>
TSS7257E Unauthorized Access Level for JESSPOOL 
<ACSCM.TS0242.A200042B.JOB09143.D0000004.JESY>
TSS7141E Use of Accessor ID Suspended
TSS7191E Job/Session Cancelled - Excessive Violations
TSS7192E Session Locked - Excessive Violations: Signoff
CS0042 LOGGED OFF TSO AT 14:57:54 ON MAY 23, 2022
IKJ56453I SESSION CANCELLED
******

I would hate to think someone would accidently try to look at an  output they 
are not authorized to view and get their ID suspended.

Maybe I am going at this all wrong.

Is there a different way I should be doing this?

Any help would be appreciated.

We are currently at z/OS v2.4.

Thank You






----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to