JOBSECURITY



JOBSECURITY

     Designates what level of user may request resources and
     control the execution of jobs.

SYNTAX

     JOBSECURITY [{HIGH},{LOW }
                 [;PASSEXEMPT={NONE},{USER},{XACCESS},{MAX}]


PARAMETERS

HIGH                Permits only the operator logged on at the console
                    to use job control commands.

LOW                 Allows individual users to exercise control over
                    their own jobs.

           If you do not specify HIGH or LOW, the current job
security status is displayed.
NONE,USER,
XACCESS, or MAX
The PASSEXEMPT option set by the system manager,
which has the following meaning:

NONE All users must specify the required
passwords to stream a job.

USER Allows certain users to omit a job's
password. The system manager can omit
the password when streaming any job,
account managers can omit passwords
when streaming jobs that log onto
their account and to which they have
access, and users can omit passwords
for jobs that match their logon identity
and to which they have access.

XACCESS Allows users with execute access to the
job file to omit passwords when the job
file logs on with the same identity as
its owner or creator.

MAX Sets both the USER and XACCESS options
of the PASSEXEMPT parameter. Specifying
MAX is the only way to set both options
since USER and XACCESS are mutually
exclusive.

OPERATION

     The HIGH and LOW parameters of the JOBSECURITY command determine
     what kind of user may execute the ABORTJOB, ALTJOB, BREAKJOB and
     RESUMEJOB commands.  When JOBSECURITY is set to HIGH, only the
     operator may issue these commands.  When it is set to LOW, any
     user may issue these commands for their own jobs (i.e., those
     where the job's user name and account matches the user's) and
     Account Managers may control the execution of any job in their
     account.

     System managers may use the PASSEXEMPT parameter of the
     JOBSECURITY command to control password validation when users
     stream a job. If you have never used the PASSEXEMPT parameter
     and if the HP Security Monitor is not installed, the initial
     state is NONE, which means that job passwords are required.
     When you reboot the system with a START RECOVERY the last
     PASSEXEMPT state is preserved.

     PASSEXEMPT provides some of the functionality of the HP
     Security Monitor.  For example, PASSEXEMPT=USER is equivalent
     to the stream privilege feature.  PASSEXEMPT=XACCESS is similar
     to the stream authorize feature with one difference: you may set
     the USER XACCESS options independently, whereas HP Security
     Monitor requires you to enable stream privilege when you want
     to enable the stream authorize feature.

     JOBSECURITY checks for the existence of HP Security Monitor and,
     if necessary, combines the settings to produce appropriate
     output.  When the PASSEXEMPT parameter is issued and the
     interaction with the HP Security Monitor produces a different
     result, you will see a warning and a notification that the HP
     Security Monitor is installed. The resulting command output
     is also displayed with the warning.

     You may issue the JOBSECURITY command from a session, job,
     program or in BREAK. Pressing [Break] has no effect on this
     command.  It may be executed only from the console unless it
     is distributed to users with the ALLOW command.


EXAMPLE(S)

     To allow any user to abort, alter, break, or resume their
     own jobs, enter

     JOBSECURITY LOW

     To find out the current JOBSECURITY status, enter:

     JOBSECURITY
     JOB SECURITY IS HIGH. PASSEXEMPT IS NONE.

     To set the password exemption to USER and then check the current
     status, enter:

     JOBSECURITY ;PASSEXEMPT=USER
     JOBSECURITY

     JOB SECURITY IS LOW. PASSEXEMPT IS USER.

     Suppose PASSEXEMPT is currently set to USER, and you want to
     change it to XACCESS.  To do so, enter:

     JOBSECURITY ;PASSEXEMPT=XACCESS

     Then check the current status by entering:

     JOBSECURITY
     JOB SECURITY IS LOW. PASSEXEMPT IS XACCESS.

     If the HP Security Monitor is installed with both stream
     privilege and authorization turned on, the JOBSECURITY command
     will display a warning when the output produces a different result.

     JOBSECURITY ;PASSEXEMPT=USER
     Security Monitor is installed. Passexempt is MAX. (CIWARN 3128)

     ADDITIONAL INFORMATION

     Commands:   ABORTJOB, ALTJOB, BREAKJOB, RESUMEJOB

     Manuals :   Performing System Operation Tasks (32650-90137)