RE : z/OS Batch Job Submission From z/VM

Tue, 18 Oct 2005 00:40:30 -0700 

We are running z/VM and submitting jobs to z/OS.
The problem is to allow some specific z/VM users to run some jobs under
z/OS.

Here, we decided to use a little server that receives the z/VM user job,
scans in a table (in which each authorized z/VM user is described) the
authority for the z/VM user to run z/OS jobs. If that user is allowed to run
jobs, the server inserts a RACF user in the job card and then submits the
job to z/OS. The z/VM user receives back the output to the Reader. The
server table is maintained by the z/VM team.

The RACF team has defined a surrogate user that is allowed to run jobs with
specific authorities. Only the server userid is allowed in RACF to submit
jobs under z/OS. So when a z/VM user wants to submit directely his job to
the z/OS, he receives a security violation.

The server is used in order to prevent any unauthorized user to submit job
to z/OS. 

:-)  Laurent Dubois - Equipe VM 




          _____  

Laurent Dubois
*  [EMAIL PROTECTED]
*  03 28 55 63 88 - 22 53 88
*  03 28 55 63 22 - 22 63 22
SNCF - DSIV XS MM Systeme VM
Centre Informatique de Lille
Pont de Tournai - 59041 LILLE CEDEX 
  _____  



-----Message d'origine-----
De : VM/ESA and z/VM Discussions [mailto:[EMAIL PROTECTED] De la
part de Judson West
Envoyé : lundi 17 octobre 2005 20:15
À : [email protected]
Objet : z/OS Batch Job Submission From z/VM


This is really RACF related, but I thought I'd come here first since there
is probably at least one shop on this list that has both z/VM and z/OS. We
have several userids submitting batch jobs to our z/OS system. We don't have
any of these userids defined to RACF on z/OS. What we would like to do is
have some sort of "group" userid on z/OS that the submitting users on VM can
reference on their JOB cards and be validated that way. For example,
submitting VM userids BOB1-BOBn can submit using a USER=BOB on their job
card. RACF would then validate that BOB1-BOBn could submit jobs based on the
rules covering BOB on z/OS. What needs to be done in z/OS RACF to allow
this, if possible?

-----------------
Judson West
Teradata, a division of NCR Corporation

Reply via email to