JES Class name
|
JES relation
|
Entities
|
ACCESS LEVEL
|
DATASET
|
Dataset Names
|
Files
|
None, Read, Update, Alter
|
JESINPUT
|
Conditional access support for commands or jobs entered into the system through a JES input device. INTRDR = Jobs submitted via Internal Reader as a result of executing JCL. STCINRDR=Jobs submitted via Internal Reader as a result of the execution of a CICS or IMS transaction. TSUINRDR = Jobs submitted via the ESMAC JES "Control" page and/or the cassub command line interface.
|
INTRDR, STCINRDR, TSUINRDR
|
None, Read
|
JESJOBS
|
Controlling the submission and cancellation of jobs by job name.
|
CANCEL.nodename.userid.jobname (for job cancellation authority)
SUBMIT.nodename.jobname.userid (for job submissions)
where nodename is the name of the enterprise server.
Note:
Note:
These rules are not typically used, but they do provide granularity of control for those environments with special requirements.
|
NONE
Allows no access.
READ
Allows user to submit jobs
UPDATE
Equivalent to READ.
CONTROL
Equivalent to UPDATE.
ALTER
Allows jobs to be cancelled
|
JESSPOOL
|
Controlling access to job data sets on the JES spool (Joblog, SYSOUT and Messages.
|
localnodeid.userid.jobname.jobid.dsnumber.name
where
- localnodeid is the name of the enterprise server
- dsnumber is the relative dataset number for the job e.g. 001
- name is the dd name
Note:
These rules are not typically used, but they do provide granularity of control for those environments with special requirements.
|
NONE
Allows no access.
READ
Allows user to view the spool data set, but not change its attributes. For example, this does not allow the following keywords on the OUTPUT command: NOKEEP, NOHOLD, DELETE, NEWCLASS, and DEST.
UPDATE
Allows to update a spool data set.
CONTROL
Equivalent to UPDATE.
ALTER
Allows any operand specified on the TSO OUTPUT command, including deleting and printing. Also, when specified for a discrete profile, allows the user to change the profile itself.
|
SURROGAT
|
JES Class for controlling access to job submission by surrogates. If UserA wants to submit a job to run as UserB then he must have "Read" access to the SURROGAT class for entity UserB.SUBMIT
|
execution-userid
.SUBMIT
For example, if USERA as USERB's surrogate, Enterprise Server will check that USERA has read access for the entity, USERB.SUBMIT in the SURROGAT class.
|
None, Read
|