MFA now uses the RACF classes JESSPOOL and JESJOBS to check a user's authority to read or delete a job on the spool. See z/OS Security Server RACF Security Administrator's Guide for more information. When a request to read (IMPORT) a job or SYSOUT is received the following JESSPOOL profile is checked:
nodename.userid.jobname.jobid.dsidentifier.name
When a CANCEL, HOLD, or RELEASE command is received, first an SDSF-style JESSPOOL profile is checked:
nodename.userid.jobname.jobid
If that does not exist one of the following JESJOBS profiles is checked: [2]
CANCEL.nodename.userid.jobname HOLD.nodename.userid.jobname RELEASE.nodename.userid.jobname
If no profile is defined then MFA reverts to checking the job's ownership.