Protecting operator authority by destination
The resources are shown in Table 1.
Action Characters and Overtypeable Fields | Resource Name | Class | Access |
---|---|---|---|
//, =, +, ? or Q action characters on the DA, H, I, JDS, J0, O, OD, and ST panels | No security checking is done. | N/A | N/A |
S, X, or V action characters on the H, I, JDS, J0, O, OD, and ST panels | ISFOPER.DEST.jesx |
SDSF | READ |
S, X, or V action characters on the DA panel | ISFOPER.DEST.jesx |
SDSF | READ |
D or L action characters on the H, I, O, and ST panels | ISFOPER.DEST.jesx |
SDSF | READ |
D or L action characters on the DA panel | ISFOPER.DEST.jesx |
SDSF | READ |
All others on the H, I, JDS, J0, O, OD, and ST panels | ISFOPER.DEST.jesx |
SDSF | READ |
All others on the DA panel | ISFOPER.DEST.jesx |
SDSF | READ |
If the user does not have authority to both of the required resources, then the user must have access to the individual job or data set defined in the JESSPOOL class.
If your installation is performing SECLABEL checking, a user must be logged on with the appropriate SECLABEL in order to access the JESSPOOL resources even if the user has operator authorization. For more information about SECLABEL checking, see z/OS Security Server RACF Security Administrator's Guide .
The authority level (READ or ALTER) must be the same as the authority for the JESSPOOL resources, as described in Jobs, output groups, and SYSIN/SYSOUT data sets.