|
|
|
Both JES2 and JES3 run in their own address spaces. Both systems must be started by a console operator command just as any other started task or subsystem must after IPL. Both JES2 and JES3 use their own parameter files, which are normally kept separate from the z/OS parameter library. Because they are designed to provide the job scheduling and initiation functions, both JES systems introduce a number of console operator commands to accomplish this task. JES2 operator commands have a dollar sign ($) as a prefix. JES3 commands begin with an asterisk (*). All of the original operating system commands are still available, which can cause some confusion to those users unfamiliar with JES. This is particularly true when both z/OS and JES use the same command to produce different output. For example, both DA and $DA are DISPLAY ACTIVE commands, but the first is for z/OS and the second is for JES2.
CA Auditor analyzes both JES2 and JES3 parameters. The JES Parms Display (4.1) determines which JES system you have on your system and displays the appropriate information. The System Review Checklist specifies a number of tests that you can perform on key JES parameters. However, you should be aware that, unlike almost all other CA Auditor displays, the JES Parms Displays are based on the contents of the JES2 or JES3 parameter file rather than on the information that resides in z/OS memory. This is because JES runs in its own address space that CA Auditor cannot access without APF authorization. CA Auditor, by its design, is not APF‑authorized, and therefore, must depend on the contents of the JES parameter file. You are, therefore, urged to use the File History Search Display (6.5) to monitor modifications to the JES2 parameter file. Most audit and security experts agree that no one should have standing, unrestricted access to this key file.
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |