Production Job Scheduling Systems (such as CA‑Scheduler®) can be given full authority to submit any job as required. This authority can be:
To give the Job Scheduler unrestricted job submission authority, the ACID under which it runs must have the NOSUBCHK attribute attached to it through a TSS CREATE/ADD entry. Since this attribute bypasses all job submission security checking and auditing, it is not the recommended procedure.
To provide control over the Job Scheduler's job, the ACID can be limited to a certain facility and/or privileged program.
Examples: job submission
In this example, the ACID JSACID is permitted to access ACID1 only through the CASOMS HA$PSUBS privileged program.
TSS PERMIT(JSACID) ACID(ACID1)
PRIVPGM(CASOMS HA$PSUBS)
Note: When using JES2 3.1.3 and above, HA$PSUBS must be included as a privileged program if there are any PRIVPGM values in use.
Use the PERMIT command function to specify a list of ACIDs that a Job Scheduler is authorized to submit.
In this example, JSACID is the ACID assigned to the Job Scheduling system. ACID1, ACID2, and so on, are the ACIDs associated with the batch jobs that the scheduler is authorized to permit.
TSS PERMIT(JSACID) ACID(ACID1,ACID2,...ACIDn)
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|