Buck, This is true. Using a user name on the job description provides extra authority for submitted jobs. Creating a program with, say, QSECOFR as the owner and have the CL program adopt the authority is another option. It all depends on the shop and how it is administered. Ultimately, those who administer/operate the machine must have authority to do so. Somebody must be QSECOFR or equivalent. For these people it all boils down to trust. A small number of people must be trusted to run the machine. Potentially, they could also do a lot of damage. Which ever approach is taken, authority is required to create the job description, or the CL program. This authority would not be available to a 'mere operator'. Richard J. Serrano Team Member Team400 Inc. 2447 W. Beverly Blvd. Montebello, CA 90640 Tel. 323 838-5859 Fax 323 726-2940 E-mail: email@example.com Web: www.team400.net ----- Original Message ----- From: "Buck Calabro" <Buck.Calabro@commsoft.net> To: <firstname.lastname@example.org> Sent: Wednesday, August 22, 2001 9:00 AM Subject: RE: [Security400] Authority annoyances, continued... >Create a job description that will be used to submit the >back up job to batch. Ensure that the USER parameter >of the job description specifies the new user (eg. >USER(BACKUPUSER)). Any job submited to batch >using this job description will then run under the new user profile. Not a guru, so this may be wrong, but can't I (a mere operator) do: sbmjob cmd(grtobjaut...) jobd(backupjobd) and give myself authority to anything? Why is this better than having the CL program adopt required authority?
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.