Protecting JESNEWS
JESNEWS is an informational data set that prints after the header separator page of a job, if required. Generally, this data set is of interest to all job submitters, so it is important that all users can read this information (UACC of READ).
The resource name for JESNEWS has the form:
nodeid.jesid.$JESNEWS.STCtaskid.Dnewslvl.JESNEWS
where:- nodeid
- Is the name of the node that created the JESNEWS data set.
- jesid
- Is the userid associated with your JES2 system.
- taskid
- Is the name of the task that created the JESNEWS data set.
- newslvl
- Is the level of this copy of JESNEWS. The value of newslvl varies from 0000101 to 0065535.
The RACF® profile name for JESNEWS on NODEB created
by JOB01 is:
NODEB.SYSTEM.$JESNEWS.JOB01.D0000101.JESNEWS
To
prevent unauthorized updating of JESNEWS, your RACF administrator
must define another profile. This profile is in the RACF OPERCMDS
class and any userids authorized to update JESNEWS must have CONTROL
access to the profile. The JESNEWS update profile has the following
form: jesname.UPDATE.JESNEWS
If RACF is
not active, JES2 requests authorization to update JESNEWS from the
operator.Note: If RACF and the SECLABEL class are active, RACF assigns the security label of the last job that updated JESNEWS
to the JESNEWS profile. This could cause jobs with lower security
labels than the updating job to miss important information and RACF will record security violations for jobs accessing JESNEWS that
did not previously occur. To make JESNEWS accessible to all users,
the job that creates it should have a security label of SYSLOW and
the data set profile should have a UACC of READ. If the security label
is greater than SYSLOW, JESNEWS will not print in the output of any
jobs submitted with a lower security label.