SUBJCL Security

When a job is submitted into the internal reader, the user ID associated with the job must have enough security authorization to process the data but must not have too much authorization that it opens up a security breach. The Platform Server handles the user ID associated with the submitted job in three ways.

Note: If the JOB card of the submitted job contains USER and PASSWORD parameters, they override the user ID under whose authority the job is submitted.

The Platform Server supplies the following three ways to define the user ID that submits the job:

Use the user ID and password associated with the file transfer. This is the default method.
Use the user ID of the Platform Server started task.
Use a predefined user ID that can be defined for each SUBJCL entry.

The SUBJCL processing can fail when you specify all the following situations:

A job must be submitted on a file transfer failure.
Use the user ID and password associated with the file transfer.
The transfer fails because the user ID and password are invalid.

In this case, the SUBJCL processing cannot be performed because the Platform Server cannot log on with the file transfer user ID and password. As a result, a message is displayed indicating why the job submission cannot be completed.

When a job is submitted, the Platform Server reads the JCL cards from one of the following two datasets:

From the DSN defined in the JCL parameter if a fully qualified DSN is specified.
From the GLOBAL JOB_SUBMIT_DSN parameter if a member name is specified by the JCL parameter.

Note: The user associated with the job must have READ access to these datasets. If the user does not have access to the dataset, then the job submission request fails and an error message is displayed.