S 2.287 Batch job planning for z/OS systems

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

When using a z/OS system as batch processing system, it is absolutely necessary to plan, monitor, and process the procedure of these jobs for a larger number of batch jobs. Since this activity can hardly be performed manually without errors anymore, automation software, so-called job schedulers, should be used to control the procedure of the batch jobs.

Tasks of the job schedulers

The task of the job schedulers mainly consists of the functions

• starting the batch jobs
• monitoring the operating condition of the batch jobs (furthermore, ensuring that resources are available)
• reviewing the results (using return codes) of the batch jobs
• tracing the dependencies of batch jobs
• administering the status of the batch jobs
• corrective actions when an error occurs

The security safeguards required to protect the job scheduler against misuse should be implemented by a security system such as RACF (Resource Access Control Facility).

The following information relating to the use of the job scheduler should be taken into account:

OPERATIONS attribute

Using the RACF attribute OPERATIONS for identifying the started task of the job scheduler should be avoided. Otherwise, there is the risk of batch jobs started with this identifier having access to virtually all production data (see S 2.289 Use of restrictive z/OS IDs and S 4.211 Use of the z/OS security system RACF). If the manufacturer requires the OPERATIONS attribute for operating the job scheduler, the manufacturer should be consulted regarding any existing alternatives.

Use of RACF-SURROGAT IDs

In order to prevent the batch jobs from running under the possibly highly authorised ID of the job scheduler from the job scheduler, it should be considered whether RACF-SURROGAT IDs can be used as procedural identifiers. Here, the disadvantages of this function must be taken into consideration (see S 2.289 Use of restrictive z/OS IDs).

Procedural files

The procedural files of the job scheduler must be protected by means of RACF in such a way that the procedural files can only be accessed by employees who actually require this access for their job. The number must be restricted to a minimum. A substitute arrangement absolutely must be in place.

The ID of the job scheduler must have read access to all procedural files in order to be able to start the batch jobs accordingly.

Tool access

The job scheduler is mostly controlled using an ISPF dialogue (Interactive System Productivity Facility). Access to the job scheduler should only be granted to employees requiring access for their work, as well as their substitutes. The site and data access protection should be provided by RACF. If this is not possible, internal security mechanisms of the scheduler must be used.

System administration

Whenever possible, the administration of the batch jobs in the job scheduler should be protected using RACF in such a way that each user group such as system administrators, space management, or RACF administration may only view and edit its own batch jobs.

Review questions:

• Are so-called job schedulers used for controlling the procedure of batch jobs when using a z/OS system?
• Is the job scheduler protected against misuse on the z/OS system by a security system (e.g. RACF)?
• Has it been ensured for z/OS systems that the ID of the job scheduler dispenses with the RACF attribute OPERATIONS?
• Are site and data accesses to the job scheduler program protected using RACF for z/OS systems?