Batch Operations › Security Considerations

Previous Topic: Batch Jobs

Next Topic: Job Control Statements and Job File Format

Security Considerations

For access verification purposes, a CA Top Secret ACID and password must be provided in the JCL for each batch job. A pseudo-logon of the user specified is performed during job initiation, and this ACID’s security information is used to verify access to the batch facility and to the resources required for the selected batch function. See the heading entitled: “Job Control Statements And Job File Format” below for information on specifying the ACID and password.

Job output, in the form of JCL messages and printed or punched program output, is automatically routed back to the virtual reader of the user submitting the job. Jobs may be submitted from a userid on the same VM system as the server machine, or from a userid on another system via the RSCS network. Networked jobs must contain only standard punched card formats, like those submitted locally, and not contain NETDATA records or DISK DUMP formatted records; therefore, do not use SENDFILE to submit these jobs. A sample SUBTSS EXEC is supplied for submitting jobs over the network.

Due to the sensitive nature of the output of some batch operations, it is important to guarantee that this output is not routed to the wrong user. The originating VM userid of locally submitted jobs is easily identified by CA Top Secret. It must be stressed, though, that such jobs must not be submitted from ID’s shared by non-authorized personnel. Otherwise, an unauthorized user has access to program output intended for CA Top Secret security administrators.

CA Top Secret security for batch jobs can be extended to the program level. As a result, in addition to checking for access to the BATCH facility, a security check is also performed for the PROGRAM resource. This allows you to give the administrator access to the TSSUTIL batch programs, for example, without giving him the ability to run any of the others.

Various messages are issued during batch job processing. These not only provide necessary information to the job submitter, but also provide a log of CA Top Secret batch activity in the system.