Jobs, job groups, output groups, and SYSIN/SYSOUT data sets
JES uses the JESSPOOL class to protect SYSIN/SYSOUT data sets and the EVENTLOG, which SDSF uses to display job step information. SDSF extends the use of the JESSPOOL class to protect SDSF job and output group resources as well.
SDSF checks a user's SAF authorization to:
- Job resources on the Display Active Users, Input Queue, and Status panels
- Job groups on the Job Group panel
- Output groups on the Held Output Queue, Job Data Set, Output Queue, and Output Descriptors panels
- SYSIN/SYSOUT data sets on the Job Data Set panel, Job 0 panel, and any other panel used for browsing with the S or V action characters and printing with the X action character
- The JES EVENTLOG data set, used for job step information on the Job Step panel.
Controlling access to the commands that display jobs, job groups and output is described in Authorized SDSF commands.
Protection for each type of resource can be defined separately, so that, for example, a user may be authorized to issue action characters for a job, but not be authorized to browse that job's data sets. Users can always access the JESSPOOL resources they own; they do not need additional authority to work with their own jobs and output.