Actually, it's an MVS and JES question; the issues would be the same if you were using, e.g., ACF2.
Entering system commands in the jobstream is an obsolete technique dating back to OS/360 and entering JES commands in the jobstream is an obsolete technique dating back to HASP and ASP. In most cases you can issue the commands from a batch TSO step at the time you need them. Restricting the job name to userid plus one character made sense in OS/360 R30.1, when there was no other way to track the owner of the job. It only applies to jobs processed by the SUBMIT command, and the normal way to control it is with a SUBMIT exit. You could control it with a JES exit - don't go there. My advice would be to rethink your security policies, deploy profiles at the group level to control job and command submission, and to remove restrictions on job names. You might also consider whether any of your batch jobs could be better controlled if they ran under proxy userids. Whatever you do, it will be helpful to have management buy-in before you proceed. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Robert Hahne [roberthahne...@hotmail.com] Sent: Wednesday, May 6, 2020 4:34 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: TSO/E SUBMIT exit Hello listers , I understand this is a RACF question . But thought someone can help me here . We have a requirement where TSO submit exit IKJEFF10 needs to be eliminated . Currently it is written to ensure only those users with TSOAUTH(OPER) are allowed to submit jobs with any name . Rest of the users are only allowed to submit jobs that begins with their USERID . Also , the users are not allowed to issue JES commands in batch unless they have TSOAUTH(OPER) . Can we get both of these requirements done using RACF profiles ? Any pointers are highly appreciated Regards, Robert ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
