What version of z/OS and/or SDSF? Which SAF are you going to? RACF, TSS, ACF2
The section on Security to SAF in SDSF manual SDSF Operation and Customization SA22-7670 should be helpful You can give operators access to jobs, output groups, or SYSIN/SYSOUT data sets for a particular destination, without authorizing the operators to those jobs, output groups, or SYSIN/SYSOUT data sets through the JESSPOOL class. This destination operator authority is the equivalent of specifying DEST for CMDAUTH and ADEST for DSPAUTH in ISFPARMS. This is also used for authorizing destinations as described in “Destination names” on page 182. To provide destination operator authority you: 1. Give the user READ authority to the ISFOPER.DEST.jesx profile in the SDSF class. This identifies a user as a destination operator for the SDSF session. 2. Give the user authorization for the profiles that protect destinations for jobs, Lizette -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Leonardo Vaz Sent: Monday, August 19, 2013 1:18 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: SDSF ISFPARMs to SAF security Hello list, We are willing to migrate from ISFPARM to SAF for our SDSF security, the thing that is preventing us is that there is no direct replacement for NOTIFY or GROUP in the CMDAUTH and DSPAUTH parameters. Any of you had a problem with this and could manage a workaround? Regards, Leonardo Vaz ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
