Defining RACF Profiles for JES Spool Access

MFA now uses the RACF classes JESSPOOL and JESJOBS to check a user's authority to read or delete a job on the spool. See z/OS Security Server RACF Security Administrator's Guide for more information. When a request to read (IMPORT) a job or SYSOUT is received the following JESSPOOL profile is checked:

nodename.userid.jobname.jobid.dsidentifier.name

When a CANCEL, HOLD, or RELEASE command is received, first an SDSF-style JESSPOOL profile is checked:

nodename.userid.jobname.jobid

If that does not exist one of the following JESJOBS profiles is checked: [2]

CANCEL.nodename.userid.jobname
HOLD.nodename.userid.jobname
RELEASE.nodename.userid.jobname

If no profile is defined then MFA reverts to checking the job's ownership.