Hi Mark, When a user attempts to select a job, SDSF does an authorization check for each individual SYSOUT DDNAME associated with the job and can generate multiple violations like this.
To address this issue, see article " Avoiding Output Browse Violation Messages in SDSF" in the July 2008 issue of our RACF Tips newsletter. https://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__July_2008.pdf Regards, Bob Robert S. Hansel 35 years of RACF Experience Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsulting.com -----Original Message----- Date: Mon, 23 May 2022 20:55:48 +0000 From: "Steely.Mark" <steely.m...@aaa-texas.com> Subject: SDSF & TSS (RACF) I am trying to convert our SDSF from using ISFPARMS to TSS for security. I need some direction on how to provide security for reports. Currently I am trying to use JESSPOOL to control access. The customer is allowed to view all currently active and held output jobs but may only look at certain JOBS & REPORTS. During testing I have this occurring: The customer is trying to view this job (which the customer is not authorized) COMMAND INPUT ===> PREFIX=* DEST=(ALL) OWNER=* SYSNAME= NP DDNAME StepName ProcStep DSID Owner C Dest JESMSGLG JES2 2 TS0242 R LOCAL JESJCL JES2 3 TS0242 R LOCAL JESYSMSG JES2 4 TS0242 R LOCAL The above is displayed when I put a ? in the Held output screen. This is just to show you the report has 3 different reports. Then the customer goes back to the screen which shows the job name: SDSF HELD OUTPUT DISPLAY ALL CLASSES LINES 55 LINE 1 COMMAND INPUT ===> PREFIX=B1* DEST=(ALL) OWNER=* SORT=JOBNAME/A SYSNAME= NP JOBNAME JobID Owner Prty C ODisp Dest B100042B JOB09087 TS0242 144 R HOLD LOCAL Then select the job and receives the following messages: TSS7257E Unauthorized Access Level for JESSPOOL <ACSCM.TS0242.A200042B.JOB09143.D0000002.JESM> TSS7257E Unauthorized Access Level for JESSPOOL <ACSCM.TS0242.A200042B.JOB09143.D0000003.JESJ> TSS7257E Unauthorized Access Level for JESSPOOL <ACSCM.TS0242.A200042B.JOB09143.D0000004.JESY> TSS7141E Use of Accessor ID Suspended TSS7191E Job/Session Cancelled - Excessive Violations TSS7192E Session Locked - Excessive Violations: Signoff CS0042 LOGGED OFF TSO AT 14:57:54 ON MAY 23, 2022 IKJ56453I SESSION CANCELLED ****** I would hate to think someone would accidently try to look at an output they are not authorized to view and get their ID suspended. Maybe I am going at this all wrong. Is there a different way I should be doing this? Any help would be appreciated. We are currently at z/OS v2.4. Thank You ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
