List: racf-l
Subject: Re: JOBCLASS protection
From: Marc Van der Meer1 <Marc_vd_Meer () NL ! IBM ! COM>
Date: 2020-08-20 7:50:12
Message-ID: OFE680E680.B8648C8A-ONC12585CA.002ACA20-C12585CA.002B0C87 () notes ! na ! collabserv ! com
Let me rephrase - the switch profiles are in FACILITY, the jobclass
specific profiles need to be defined in JESJOBS. So the manual is not
wrong, it simply does not specify JESJOBS.
Marc
From: Bob Bridges <robhbridges@GMAIL.COM>
To: RACF-L@LISTSERV.UGA.EDU
Date: 20.08.2020 02:01
Subject: [EXTERNAL] JOBCLASS protection
Sent by: RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
I don't understand the answers this OP has been getting. I've never done
it myself, but surely it's simply a matter of creating a profile for
governing what CLASS may or may not be used and qualifying it using WHEN?
From the SysAdm manual:
/* Quote #1: */
Controlling job class usage:
An installation can control job class usage by granting access based on
the submitter's profile, or based on the owner's profile, or both. The
control is based on the presence or absence of two FACILITY class
profiles:
> If the profile JES.JOBCLASS.OWNER is defined in the FACILITY class, job
class profiles for owners are enforced.
> If the profile JES.JOBCLASS.SUBMITTER is defined in the FACILITY class,
job class profiles for submitters are enforced.
> If both profiles are defined in the FACILITY class, a job class must
pass both sets of profiles before it is considered valid.
> If neither profile is defined in the FACILITY class, any job class can
be used.
The job class profiles are of the form:
JOBCLASS.localnodeid.jobclass.jobname
where:
localnodeid Is the name of the node on which the job is located
jobclass Is the 1 - 8 character job class that is being controlled
jobname Is the name that is in the name field of the JOB statement
/* Quote ends */
/* Quote #2: */
Limiting when a user can access the system:
Installations can limit a user's ability to log on by limiting:
> The user's ability to log on to the system to certain days of the week,
and certain hours within each day
> The use of individual terminals (in the TERMINAL class only) to certain
days of the week, and certain hours within each day
To limit the times during which a user can enter the system, use the WHEN
operand on the ADDUSER and ALTUSER commands. For example, to specify that
USER12 can enter the system only on weekdays between the hours of 7:00
a.m. and 5:00 p.m., enter:
ADDUSER USER12 WHEN(DAYS(WEEKDAYS) TIME(0700:1700))
Similarly, to control when users can access the system from a specific
terminal, specify the WHEN operand on the RDEFINE and RALTER commands for
the appropriate profile. For example, to specify that terminal TRM07C can
be used at any time during the week, but not at all during the weekend,
enter:
RDEFINE TERMINAL TRM07C WHEN(DAYS(WEEKDAYS))
Note that on the RDEFINE command, TIME(ANYTIME) is the default. The WHEN
operand on these commands (for both users and terminals) allows you to
specify individual days and specific times within these days.
/* Quote ends */
Am I missing something obvious? Is RACF going to complain that WHEN is
valid on TERMINAL-class profiles but not on other classes?
---
Bob Bridges, robhbridges@gmail.com, cell 336 382-7313
/* Back in the old days, most families were close-knit. Grown children
and their parents continued to live together, under the same roof,
sometimes in the same small, crowded room, year in and year out, until
they died, frequently by strangulation. -Dave Barry */
-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of
Shaun Totulis
Sent: Wednesday, August 19, 2020 16:55
I have been approached to restrict access to a specific jobclass during
business hours, but to open it up during off hours and weekends.
I am wondering if there is a way to restrict a specific group's access
based on day and time. I think I have heard about something like this but
cannot find it anywhere. Any guidance or a different approach would be
greatly appreciated.
Unless stated otherwise above:
IBM Nederland B.V.
Registered in Amsterdam
Amsterdam Trade Register registration no. 33054214
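The split described in the reply at the top of this message (switch profile in FACILITY, job class profile in JESJOBS), written out as RACF commands. This is an added example, not part of the original messages or the IBM manual. The node name NODE1, job class X, group BATCHGRP, UACC(NONE) and ACCESS(READ) are assumptions for illustration, as is the assumption that generic profiles are active for JESJOBS and that both classes are RACLISTed.

```tso
/* Job class profile: defined in JESJOBS, not FACILITY.               */
/* Form: JOBCLASS.localnodeid.jobclass.jobname                        */
/* NODE1, X and BATCHGRP are hypothetical; * stands for any job name. */
RDEFINE JESJOBS JOBCLASS.NODE1.X.* UACC(NONE)
PERMIT JOBCLASS.NODE1.X.* CLASS(JESJOBS) ID(BATCHGRP) ACCESS(READ)

/* Switch profile: defined in FACILITY. Its presence is what makes    */
/* the job class profiles for submitters enforced.                    */
RDEFINE FACILITY JES.JOBCLASS.SUBMITTER UACC(NONE)

/* Use JES.JOBCLASS.OWNER instead, or as well, to enforce the         */
/* profiles against the job owner; with both defined, a job class     */
/* must pass both sets of profiles.                                   */

/* Refresh the in-storage profiles (assumes both classes are          */
/* RACLISTed).                                                        */
SETROPTS RACLIST(JESJOBS FACILITY) REFRESH

/* Confirm each profile landed in the intended class.                 */
RLIST JESJOBS JOBCLASS.NODE1.X.* AUTHUSER
RLIST FACILITY JES.JOBCLASS.SUBMITTER
```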