Security protection

When Control-M JCL Verify Monitor handles a JCL verification request, and IOA Security is activated, the monitor uses the Security Access Environment (Access Authority Profile) of the user ID requesting the verification. This security arrangement ensures that the Control-M/JCL Verification process is limited to the access rights of the corresponding user ID (TSO logon, batch job, or IOA Online Monitor session) outside the Control-M JCL Verify Monitor. The user ID, requesting the JCL verification, is passed to the Control-M JCL Verify Monitor together with other data describing the verification request, such as which job(s) or JCL(s) are to be verified and other various verification parameters.

Security Access Environment Elements (for users requesting verifications) are created by the Control-M JCL Verify Monitor and saved in a cache maintained by the monitor. Additional requests from the same user do not require the creation of new elements, since the elements for that user are available from the cache. The NEWSECDEF modify command for Control-M JCL Verify Monitor can be issued to refresh the Security Access Environment Elements in cache, without stopping and restarting the monitor.

When a JCL verification request is received from a remote node (that is, a verification request from a Control-M JCL Verify monitor running on an LPAR other than the local one) and the user ID, which issued the verification request from the remote node, is undefined in the local security system, the Control-M/JCL Verification installation parameter RMTUSER can be used instead of the requestor user ID. For more information about the RMTUSER installation parameter, see the INCONTROL for z/OS Installation Guide: Installing.