Previous Topic: Batch UsersNext Topic: Satisfy the R-NOUID Requirement

Implementing Security with CA Top SecretJob Submission

Job Submission

CA WA CA 7 Edition maintains a record of USERIDs that can be associated with a CPU job from queue entry to job submission. This association is not applicable to XPJOB or agent job definitions. XPJOB job and agent job submission security is described in the topic Security Considerations for Cross-Platform Scheduling. For agent jobs, also see Define the Agent Submission/Command Security.

If requested, a USERID can be inserted into the JCL of a job, before submission, to satisfy batch security requirements on your system. CA WA CA 7 Edition has five potential sources for USERIDs:

Job Owner

Specifies a USERID from the OWNER field for a job on the job definition panel. (SUBUID value of OWNER)

JCL ID

Specifies a USERID that exists in the JCL of a job at entry into the request queue. If the JCL of a job contains a USERID at queue entry, USERID insertion does not take place. The JCL ID overrides all other USERIDs.

Requester

Specifies the USERID of the user that requests a job through the DEMAND, LOAD, or RUN commands. (SUBUID value of REQ)

Queue JCL

Specifies the USERID of a user editing the queued JCL of a job in the CA WA CA 7 Edition request queue. (SUBUID value of QJCL)

CA-7

Specifies the USERID assigned to CA WA CA 7 Edition at startup. If requested, the CA WA CA 7 Edition ID is propagated to submitted jobs. (SUBUID value of CA7)

The specification of the SUBUID keyword on the SECURITY statement in the initialization file determines the priority of USERID sources. The SUBUID keyword specifies a hierarchy of USERIDs for JCL insertion.

At submission time, CA WA CA 7 Edition scans the USERID hierarchy to determine if a USERID is available from the first hierarchy entry. If an ID is found, it is inserted into the JCL of a job, and the job is submitted, assuming all other requirements are met. If an ID was not found, the next source entry is checked for an available ID.

This process continues until an ID is found and inserted into the JCL. If all potential sources have been checked and a USERID is not available, CA WA CA 7 Edition checks the status of the SUBNOID flag. The SUBNOID keyword specified on the SECURITY statement in the initialization file sets the SUBNOID flag. If SUBNOID=YES, a job can be submitted without a USERID. If SUBNOID=NO, jobs cannot be submitted without a valid USERID. The jobs are moved back to the request queue with a requirement status of R-NOUID. The R-NOUID status indicates that all USERID sources were checked, and no valid USERID was found for JCL insertion.