Initial Access to Screen 3
IOASECUR is called to issue a security check for authorization. The CLASS checked is FACILITY; the entity checked is $$CTMPNL3.qname.
Subsequent Operations in Screen 3
For all actions (for example, hold, delete, rerun) that are performed on this screen, the IOASECUR module is called to issue a security check for authorization. The CLASS and entity checked is:
For RACF:
SURROGAT
owner.SUBMIT
For TopSecret:
ACIDCHK
owner
For ACF2/SAF:
FACILITY
$SUBMIT.owner
The check verifies that the current user who has the authority to submit jobs with a USER parameter is equal to that of the specific job being accessed. A user who is authorized to submit a job on behalf of others is also authorized to perform the specific action (for example, hold, delete, rerun) on jobs belonging to other users.
Parent Topic |