<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Review job descriptions" />
<meta name="abstract" content="You should periodically review job descriptions to make sure that they do not run unintended programs. Use object authority to prevent changes to job descriptions." />
<meta name="description" content="You should periodically review job descriptions to make sure that they do not run unintended programs. Use object authority to prevent changes to job descriptions." />
<meta name="DC.Relation" scheme="URI" content="rzamvmonsubsystem.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="revjobdesc" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Review job descriptions</title>
</head>
<body id="revjobdesc"><a name="revjobdesc"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Review job descriptions</h1>
<div><p>You should periodically review job descriptions to make sure that
they do not run unintended programs. Use object authority to prevent changes
to job descriptions.</p>
<p>Job descriptions contain request data and routing data that can cause a
specific program to run when that job description is used. When the job description
specifies a program in the request data parameter, the system runs the program.
When the job description specifies routing data, the system runs the program
that is specified in the routing entry that matches the routing data. </p>
<p>The system uses job descriptions for both interactive and batch jobs. For
interactive jobs, the workstation entry specifies the job description. Typically,
the workstation entry value is *USRPRF, so the system uses the job description
that is specified in the user profile. For batch jobs, you specify the job
description when you submit the job. </p>
<p>Job descriptions can also specify what user profile the job should run
under. With security level 40 and higher, you must have *USE authority to
the job description and to the user profile that is specified in the job description.
With security levels lower than 40, you need *USE authority only to the job
description.</p>
<p>You should use object authority to prevent changes to job descriptions.
*USE authority is sufficient to run a job with a job description. A typical
user does not need *CHANGE authority to job descriptions.</p>
<p>Finally, you should ensure that the default values for the Submit Job (<span class="cmdname">SBMJOB</span>)
command and the Create User Profile (<span class="cmdname">CRTUSRPRF</span>) command
have not been changed to point to unintended job descriptions.</p>
<div class="section"><h4 class="sectiontitle">Using the PRTJOBDAUT command</h4><p>Use
the Print Job Description Authority (<span class="cmdname">PRTJOBDAUT</span>) command
to print a list of job descriptions that specify user profiles and have public
authority of *USE. In the SECBATCH menu, specify either option <span class="uicontrol">15</span> (to
submit immediately) or option <span class="uicontrol">54</span> (to use the job scheduler)
to issue the <span class="cmdname">PRTJOBDAUT</span> command.</p>
<p>The report from
the <span class="cmdname">PRTJOBDAUT</span> command shows the special authorities of
the user profile that is specified in the job description. The report includes
the special authorities of any group profiles that the user profile has. You
can use the following command to display the user profile's private authorities: <kbd class="userinput">DSPUSRPRF
USRPRF(<var class="varname">profile-name</var>) TYPE(*OBJAUT)</kbd> </p>
<p>The
job description specifies the library list that the job uses when it runs.
If someone can change a user's library list, that user might run an unintended
version of a program in a different library. You should periodically review
the library lists that are specified in the job descriptions on your system. </p>
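<p>The review described in this topic, written out as a CL command sequence. This is an added example, not part of the original IBM topic; MYLIB, MYJOBD and MYUSER are placeholder names for a library, a job description and the user profile that the job description specifies.</p>

```cl
/* Added example. MYLIB, MYJOBD and MYUSER are placeholders.        */

/* 1. Report the job descriptions in MYLIB that specify a user      */
/*    profile and have public authority of *USE.                    */
PRTJOBDAUT LIB(MYLIB) CHGRPTONLY(*NO)

/* 2. On later reviews, print only the entries that changed since   */
/*    the previous run of the report.                               */
PRTJOBDAUT LIB(MYLIB) CHGRPTONLY(*YES)

/* 3. For a job description on the report, print its attributes.    */
/*    Check the user (USER), request data (RQSDTA), routing data    */
/*    (RTGDTA) and initial library list (INLLIBL) values.           */
DSPJOBD JOBD(MYLIB/MYJOBD) OUTPUT(*PRINT)

/* 4. Show who is authorized to the job description and at what     */
/*    level. Look for *CHANGE or higher held by *PUBLIC or by       */
/*    typical users.                                                */
DSPOBJAUT OBJ(MYLIB/MYJOBD) OBJTYPE(*JOBD)

/* 5. Show the private authorities of the user profile that the     */
/*    job description specifies.                                    */
DSPUSRPRF USRPRF(MYUSER) TYPE(*OBJAUT)

/* 6. If the public can change the job description, replace the     */
/*    public authority with *USE, which is sufficient to run a job. */
GRTOBJAUT OBJ(MYLIB/MYJOBD) OBJTYPE(*JOBD) USER(*PUBLIC) AUT(*USE) REPLACE(*YES)
```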
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmonsubsystem.htm" title="This article provides suggestions for reviewing the subsystem descriptions that currently exist on your system.">Monitor subsystem descriptions</a></div>
</div>
</div>
</body>
</html>