2 Replies Latest reply on Oct 17, 2019 9:27 AM by Feli Brachthaeuser

    Mainview RACF Profiles and RACF CLASS JESSPOOL

    Feli Brachthaeuser
      Share This:

      Hello ,

       

      As it is technicall possible to display JOBOUTPUT in the PLEXMGR View JOBSTAT, there is a need to secure this.

      that is the function of these profiles:

      BBM.PLEXMGR.targetid.MYC20. ownerpre.SP

      BBM.PLEXMGR.targetid.MYC20. ownerid.SO

      BBM.PLEXMGR.targetid.MYC20.PURGE.OA

       

      RACF CLASS JESSPOOL defines who can lokk at who's JOBOUTPUT.

      Are those RACF resource profiles in addition to the access right to resoruces in JESSPOOL?

      Can one bypass JESPOOL's definitions with these resources?

       

      Thanks,
      Feli

        • 1. Re: Mainview RACF Profiles and RACF CLASS JESSPOOL
          Bill Blair

          Those resources are "in addition" to those used by the Job Entry Subsystems themselves. They protect the same thing, basically, but have different scope and granularity. MainView's resources are more "general" in some sense and are intended to control access to SPOOL data sets to a degree that is likely to be sufficient for the majority of our customers who do not use any of the resources in CLASS JESSPOOL. For those that do use JESSPOOL, it may still be useful to use the MainView resources you identified in your question (for example, it could serve to somewhat limit access so that there are fewer violations for the JESSPOOL resources, which are sometimes difficult to manage at many sites because of complex or obscure naming conventions).

           

          There is no way to bypass the resource access authorizations made for JESSPOOL. They are done by JES (et al.).