Radoslaw Skorupka pisze: >Yes, there is a solution, quite good IMHO. It is called OPERCMDS - a RACF >class. >Instead of operator decision I strongly prefer the rules enforced by security >server.
Indeed. Ability to block commands despite source [1] is still the best. Here, I agree to agree with Radoslaw!!! Note: there are TWO sources of COMMAND in JCL: //[name] COMMAND 'command ...' and /*$command-verb,.... Both resulting commands can still be blocked by RACF or any other ESM. On the otherside, we limit usage of that JCL statements by JOBCLASS. >If the user is not authorized to issue GIVEN command, he will not be able to >do it neither from job, nor from EMCS console. Agreed. Even if you open up the SDSF '/', you still need to open up the OPERCMDS class for that user. The OP needs to re-train his/her auditor. Groete / Greetings Elardus Engelbrecht [1] - Including SVC 34. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
