JESINTERFACELEVEL (FTP server) statement

Use the JESINTERFACELEVEL statement to specify the FTP-to-JES interface to be used by the installation. With JESINTERFACELEVEL 1, FTP users can submit jobs to JES, retrieve held output matching their logged-in user ID plus one character, and delete held jobs matching their logged-in user ID plus one character.

With JESINTERFACELEVEL 2, FTP users can retrieve and delete any job in the system for which they have the security access facility (SAF) resource class JESSPOOL access. Their ability to submit jobs is governed by the JESJOBS class SAF resource. JESINTERFACELEVEL 2 should only be specified if security measures are in place to ensure process access to JES output. For more information about SDSF security see z/OS SDSF Operation and Customization.

JESINTERFACELEVEL 2 uses the SAPI interface to JES, so READ authority to the JESSPOOL resource is required to list job status or retrieve job output. See z/OS JES2 Initialization and Tuning Guide for more information about JES security. See z/OS MVS Using the Subsystem Interface for more information about the SAPI interface.

The SAF controls used for JESINTERFACELEVEL 2 are essentially a subset of those used by SDSF. Therefore, if an installation has customized SAF facilities for SDSF, it is configured for FTP JES JESINTERFACELEVEL 2.

JESSPOOL defines resource names as [nodeid].[userid].[jobname].[Dsid].[dsname]. An FTP user can delete job output if it has ALTER access to the resource that matches its node ID, user ID, and job name (generics can be used). If the FTP client has READ access to the resource, it can list or retrieve the job output. FTP uses three filters to control the display of jobs. These filters employ SDSF resources. The first filter, JESSTATUS, can be changed by an FTP client by way of the SITE command to filter jobs in INPUT, ACTIVE, or OUTPUT state. The second filter, JESOWNER, has the value of the logged-in user ID by default. The third filter, JESJOBNAME, has the value of the logged-in user ID plus an asterisk (*) by default. JESSTATUS uses the SDSF resources ISFCMD.DSP.INPUT.jesx, ISFCMD.DSP.ACTIVE.jesx, and ISFCMD.DSP.OUTPUT.jesx. At login time, the default value for JESSTATUS is set to ALL if READ access is allowed to all three classes. Otherwise, the server attempts to set the value to OUTPUT, ACTIVE, and then INPUT if the appropriate READ access is allowed. If no READ access is allowed to any of the classes, JESSTATUS is set to OUTPUT but JESOWNER and JESJOBNAME cannot be changed from their default values. In this way, SAF controls can be put in place to limit FTP users to whatever status of jobs an installation requires.

Authority to change JESOWNER is obtained by way of READ access to RACF® profile ISFCMD.FILTER.OWNER. Authority to change JESJOBNAME is obtained by way of of READ access to RACF profile ISFCMD.FILTER. An FTP client with READ access to ISFCMD.FILTER.OWNER is allowed to change the JESOWNER parameter by way of the SITE command. An FTP client with READ access to ISFCMD.FILTER.PREFIX is allowed to change the JESJOBNAME parameter by way of the SITE command.

Parameters

1

Specifies that FTP users can submit jobs to JES, retrieve held output matching their logged-in user ID plus one character, and delete held jobs matching their logged-in user ID plus one character. This is the default.

2

Specifies that FTP users can retrieve and delete any job in the system for which they have the security access facility (SAF) resource class JESSPOOL access. Their ability to submit jobs is governed by the JESJOBS class SAF resource.

Guideline: JESINTERFACELEVEL 2 should only be specified if security measures are in place to ensure process access to JES output.

Related topics

• FILETYPE (FTP client and server) statement
• JESENTRYLIMIT (FTP server) statement
• JESGETBYDSN (FTP server) statement
• z/OS Communications Server: IP Configuration Guide for information about JESINTERFACELEVEL