2 Replies Latest reply on Oct 17, 2019 9:27 AM by Feli Brachthaeuser

Mainview RACF Profiles and RACF CLASS JESSPOOL

Feli Brachthaeuser Oct 17, 2019 8:20 AM

Share This:

Hello ,

As it is technicall possible to display JOBOUTPUT in the PLEXMGR View JOBSTAT, there is a need to secure this.

that is the function of these profiles:

BBM.PLEXMGR.targetid.MYC20. ownerpre.SP

BBM.PLEXMGR.targetid.MYC20. ownerid.SO

BBM.PLEXMGR.targetid.MYC20.PURGE.OA

RACF CLASS JESSPOOL defines who can lokk at who's JOBOUTPUT.

Are those RACF resource profiles in addition to the access right to resoruces in JESSPOOL?

Can one bypass JESPOOL's definitions with these resources?

Thanks,
Feli

1. Re: Mainview RACF Profiles and RACF CLASS JESSPOOL

Bill Blair Oct 17, 2019 9:20 AM (in response to Feli Brachthaeuser)

Those resources are "in addition" to those used by the Job Entry Subsystems themselves. They protect the same thing, basically, but have different scope and granularity. MainView's resources are more "general" in some sense and are intended to control access to SPOOL data sets to a degree that is likely to be sufficient for the majority of our customers who do not use any of the resources in CLASS JESSPOOL. For those that do use JESSPOOL, it may still be useful to use the MainView resources you identified in your question (for example, it could serve to somewhat limit access so that there are fewer violations for the JESSPOOL resources, which are sometimes difficult to manage at many sites because of complex or obscure naming conventions).

There is no way to bypass the resource access authorizations made for JESSPOOL. They are done by JES (et al.).
Like Show 0 Likes(0)

Actions
2. Re: Mainview RACF Profiles and RACF CLASS JESSPOOL

Feli Brachthaeuser Oct 17, 2019 9:27 AM (in response to Bill Blair)

Thanks, Bill!
Like Show 0 Likes(0)

Actions

Communities