Defining RACF Profiles for JES Spool Access

MFA now uses the RACF classes JESSPOOL and JESJOBS to check a user's authority to read or delete a job on the spool. See z/OS Security Server RACF Security Administrator's Guide for more information. When a request to read (IMPORT) a job or SYSOUT is received, the following JESSPOOL profile is checked:

When a CANCEL, HOLD, or RELEASE command is received, first an SDSF-style JESSPOOL profile is checked:


If that profile does not exist, one of the following JESJOBS profiles is checked:


If no profile is defined, MFA reverts to checking the job's ownership.