MFA now uses the RACF classes JESSPOOL and JESJOBS to check a user's authority to read or delete a job on the spool. See z/OS Security Server RACF Security Administrator's Guide for more information. When a request to read (IMPORT) a job or SYSOUT is received the following JESSPOOL profile is checked:
When a CANCEL, HOLD, or RELEASE command is received one of the following JESJOBS profiles are checked:
CANCEL.nodename.userid.jobname HOLD.nodename.userid.jobname RELEASE.nodename.userid.jobname
If no profile is defined then MFA reverts to checking the job's ownership.