Activating the JESSPOOL class provides protection for SYSIN and
SYSOUT data sets. However, you might want to allow specific users
to see or work with the SYSIN and SYSOUT data sets created by other
users. To do this, perform the following steps:
- Create JESSPOOL profiles for the spool data sets:
RDEFINE JESSPOOL profile-name UACC(NONE)
where
profile-name is
a 6-part name with the following format:
local-nodename.userid.jobname.jobid.dsidentifier.name
where:
- local-nodename
- is the name of the node on which the SYSIN or SYSOUT data set
currently resides. The local node name appears in the JES job log
of every job.
Note: It is recommended that you define a
profile in the RACFVARS class named &RACLNDE,
and use &RACLNDE for all profiles in the JESSPOOL
class.
- userid
- is the user ID associated with the job. This is the user ID RACF® uses for validation purposes
when the job runs.
- jobname
- is the name that appears in the name field of the JOB statement.
- jobid
- is the job ID assigned to the job by JES. The job ID appears in
notification messages and the JES job log of every job.
- dsidentifier
- is the unique data set identifier that JES assigned
to the spool data set. This identifier is 8 bytes of alphanumeric
characters. It is an encoded printable representation of the internal
data set number (data set key) of the SPOOL data set. The internal
data set number and data set name (which includes the dsidentifier)
are available from the Extended Status SSI (SSI 80).
Note: The first
10 million data sets created by a job can be sorted chronologically
on data set name. The same is true for data sets created after the
first 10 million data sets. However, when the two subsets are sorted
together, the resulting sequence is not in the order of data set creation.
- name
- is the name of the data set specified in the DSN= parameter
of the DD statement. This name cannot be JESYSMSG, JESJCLIN, JESJCL,
or JESMSGLG and follows the naming conventions for
a temporary data set. For the temporary data set naming conventions,
see z/OS MVS JCL Reference.
If the JCL did not specify DSN= on the DD statement
that creates the spool data set, JES uses a single question mark (?).
Note: You can specify generic characters for any
of the qualifiers in the profile name. For example, you can substitute
an asterisk (
*) for one of the qualifiers, such as
jobid,
if it is not known.
A sample JESSPOOL profile name could be as
follows. If user MYUSER submits a job named MYJOB to run on NODEA,
and JES assigns a job ID of JOB08237, and the value of
DSN= for
a SYSOUT data set is OUTPUT, the profile name for a SYSOUT data set
created by this job could be:
NODEA.MYUSER.MYJOB.JOB08237.D0000112.OUTPUT
If
job MYJOB is run several times, and the same protection is desired
for the OUTPUT data set each time, the profile name could be:
NODEA.MYUSER.MYJOB.*.*.OUTPUT
- Give users the appropriate access authority, as follows:
PERMIT profile-name CLASS(JESSPOOL)
ID(userid|groupname)
ACCESS(access-authority)
where access-authority is
one of the following:- NONE
- Gives the user no access.
- READ
- Lets the user view the spool data set, but does not let
the user change the data set's contents or attributes. For example,
READ does not allow the following operands on the TSO OUTPUT
command: DELETE, DEST, NEWCLASS, NOHOLD, and NOKEEP.
- UPDATE
- Lets the user read or update the contents of a spool data set.
UPDATE does not allow the user to change the data set's attributes.
UPDATE also allows users to update spool data sets opened by an application
in the same address space.
- CONTROL
- Is equivalent to UPDATE.
- ALTER
- Lets the user read or update a spool data set or change the attribute
of a spool data set. For example, ALTER allows any operand to be specified
on the TSO OUTPUT command, including operands for deleting and printing.
Also, when specified for a discrete profile, ALTER lets the user change
the profile itself.
Note: If SDSF is installed on your system, JESSPOOL profiles control
which action characters and overtypeable fields users can enter on
SDSF panels. For complete information on creating JESSPOOL profiles
for use with SDSF, see
z/OS SDSF Operation and Customization.