Jantje pointed out what seems the sensible solution, use the ACF2 JESSPOOL resource class:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/administrating/jes-security.html Using JES(2?) exits might be too much: not many shops like exits these days since then they need to employ clever sysprogs that know assembler to maintain. I'll point out that as of z/OS 2.4, IBM have begun introducing JES2 Policies intended to replace JES2 exits. Another more trivial solution might be to restrict to a certain privileged set of users the ability to view that SYSOUT class via SDSF using ISFPARMS/PARMLIB(ISFPRMxx). Others would probably stop using that class if it doesn't do them any good. Ant. -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Keith Costley Sent: Tuesday, 3 March 2020 7:33 AM To: [email protected] Subject: JES2 - stopping users from sending output to specific outputclass We are having an issue with users using a restricted output class based on standards. We are looking for a way to prevent this from happening by canceling the job if the JCL contains SYSOUT=X. We are an ACF2 shop but I am unaware if ACF2 security can limit this through a security definition. The other option is a possible exit. Has anyone done this in the past and has a suggestion on the best approach? Thanks, Keith Costley ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
