On Thu, 23 Mar 2017 08:03:48 -0500, Elardus Engelbrecht wrote: > >Sources of jobs: > >- Programs spitting something out in INTRDR (This is, for example, what I do >for every day. I use LISTC and CSI to build up DDs as concatenated input >before submit) >- SJ in SDSF or similar products > That, and many others below, use ISPF Edit/Browse, which uses TSO SUBMIT after copying to a temp DS, making tracing harder.
>- FTP >- Scheduler ( ... and Control-O which can submit something based on activated >rules) >- ISPF panels for other products (DB2 utilities, zSecure, etc.) can build up >jobs for you. >- "Launcher job" - A job which spits something in INTRDR - Note, "launcher >job" is not my invention, it was mentioned last year. [1] >- Submit it yourself from a PS dataset, OMVS file, etc. >- Use Unix or zLinux (and perhaps others) pipe command '|' to pump something >into JES2 > That would be /bin/submit which uses the Rexx submit() function. >- Exits (My SMFU29 exit does sort of that automagically that when a MANx fills >up. I said sort of, because it is actually it issues 'S <STC>' (not Submit) to >start a STC with that MANx dataset as parameter. Yet another job from a >library. ;-D ) > >There are other sources from where jobs can be submitted... > - Certainly NJE. - For a guest z/OS, another guest may spool punch to that guest's virtual reader. IIRC, Ed J. (Mark Z.?) said that still works. But that reader could be varied off. Do any of these *not* use INTRDR? >To track: > >You can use RACF and SMF to track who is the OWNER of that job. >Or better, use RACF to control usage of JOB accounting lines and monitor any >changes of libraries. Think about SMF 42 for member auditing. >Implement better security in Control-M and Control-O using that OWNER in your >job schedule. > >(You can try to enforce job standards, but you will get some crazies who like >to bypass any standards your trying to enforce.) > >Or, just close down all INTRDR for fun. Then you have no z/OS to play with, >but have lots of time to battle with angry users... > Restrict allocating SYSOUT(,INTRDR) to APF authorized programs, then front-end all (how many?) authorized programs/services to write tracking records (SMF?) And you may find your worst offenders have fairly high privilege. That *should*not* involve a collateral requirement that all INTRDR input be Fixed-80. >Note: Not even JES2 can see from where the job is coming, because another >address space is placing contents from a source into INTRDR. Only when you >close that INTRDR, then JES2 picks up whatever there is and tries to interpret >it. > That just makes it harder to meet the OP's requirement which I see as somewhat legitimate. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
