> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[email protected]] On Behalf Of Rick Fochtman > Sent: Monday, October 05, 2009 2:33 PM > To: [email protected] > Subject: Re: Multiple jobs/same name <snip> > But you still need to prevent testers from submitting jobs with a > production USERID. We used a TSO exit to remove USER/PASSWORD > parms from > the JOB statement. Got a better idea? > > Please remember: much of what I describe was developed before > RACF was > able to filter job submission. > > Rick >
Use a PROTECTED id in RACF and SURROGAT authority to allow the scheduler's RACF id to submit jobs with the specified ID(s). PROTECTED says that you cannot use USER= & PASSWORD= on the job card to assign the RACF id. RACF will simply not allow it. The attempt fails with a RACF error. SURROGAT says that the scheduler can specify USER= without PASSWORD= to run a job with the specified (authorized) RACF id. This is what we do with CA-7 scheduling. Of course, you still need the submit exit for non-PROTECTED ids which a person may know the password to. And it is easy to bypass: //MYIDA JOB //SUBMIT EXEC PGM=IEBGENER //SYSPRINT DD SYSOUT=* //SYSIN DD DUMMY //SYSUT2 DD SYSOUT=(*,INTRDR) //SYSUT1 DD DISP=SHR,DSN=some.pds(member) some.pds(member): //OTHERID JOB USER=otherid,PASSWORD=password //* THE REST OF THE JOB //* ... // -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell [email protected] * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
