Job header security section

Header Fields

The job header security section contains information for identifying the owner or submitter user associated with the NJE job (SYSIN or SYSOUT). Treat information as a token to be interpreted by the security facility component of the trusted computer base.

Identified by an identifier field of X’8C’ and a modifier field of X’00’. Can be built as part of a created NJE work element (job or SYSOUT) or added to a forwarded work element.

NJHTLENP

Prefix subsection's length. You cannot change the value for this field.

Type and range: 2 binary (4-32764)

Default value: 4

NJHTFLG0

Flag byte.

Length and type: 1 byte

Default value: 0

Contains this bit:

NJHTF0JB (80 bit in NJHTFLG0)

Security section represents the NJE job owner. Bit not set indicates the NJE job submitter.

Type: bit 80

Default value: 0

NJHTVERS

Security section version.

Length, type, and range: 1 binary (1-255)

Default value: X'01'

NJHTFLG1

Flag byte.

Length and type: 1 byte

Default value: 0

Contains these bits:

NJHT1EN (80 bit in NJHTFLG1)

Indicates security section (from NJHTSTYP on) is encrypted. Encryption algorithm is private to the security product.

Type: bit 80

Default value: 0

NJHT1EXT (40 bit in NJHTFLG1)

Indicates security section format. B'1' indicates external format used exclusively in NJE.

Type: bit 40

Default value: 1

NJHTSNRF (20 bit in NJHTFLG1)

Indicates that the data set was sent from a system without RACF version 1.9.

Type: bit 20

Default value: 1

NJHTSTYP

Security session type. A 7 indicates batch job type.

Length, type, and range: 1 binary (1-255)

Default value: X'07'

NJHTFLG2

Flag byte.

Length and type: 1 byte

Default value: none

Contains these bits:

NJHT2DFT (80 bit in NJHTFLG2)

Indicates that the security section product has not verified data at the node that created the security section. If not set, you can assume that the security data was verified.

Type: bit 80

Default value: 1

NJHTUNRF (40 bit in NJHTFLG2)

Indicates that an undefined user that does not have RACF version 1.9 sent the data set.

Type: bit 40

Default value: 1

NJHT2MLO (20 bit in NJHTFLG2)

Indicates required multiple leaving options were active at the node that created the security section.

Type: bit 20

Default value: 0

NJHT2SHI (10 bit in NJHTFLG2)

Indicates security data could not be verified at the node that created the security section.

Type: bit 10

Default value: 0

NJHT2TRS (8 bit in NJHTFLG2)

If set, you can consider the user to which this section applies a part of the trusted computer base.

Type: bit 8

Default value: 0

NJHT2SUS (4 bit in NJHTFLG2)

If set, the security data was obtained with a surrogate user at the node of creation.

Type: bit 4

Default value: 0

NJHT2RMT (2 bit in NJHTFLG2)

Indicates the job or data set originated remotely.

Type: bit 2

Default value: 1

NJHTPOEX

Indicates the port of entry class index. The following are defined:

1= Terminal Class

2= Console Class

3 = JESINPUT Class

Field, type, and range: 1 binary (1-255)

Default value: X'03'

NJHTSECL

Security label associated with the user represented by this section.

Field, type, and range: 8 character (A-Z, 0-9)

Default value: none

NJHTCNOD

Node at which security section was generated.

Length, type, and range: 8 characters (A-Z, 0-9)

Default value: 0

NJHTSUSR

Submitting user's user ID.

Length, type, and range: 8 character (A-Z, 0-9)

Default value: none

NJHTSNOD

Job submission node.

Length, type, and range: 8 character (A-Z, 0-9)

Default value: none

NJHTSGRP

Submitting user's group ID.

Length, type, and range: 8 character (A-Z, 0-9)

Default value: none

NJHTPOEN

Port of entry name at this job's creation node.

Length, type, and range: 8 character (A-Z, 0-9)

Default value: none

NJHTOUSR

Security session owner's user ID.

Length, type, and range: 8 character (A-Z, 0-9)

Default value: none

NJHTOGRP

Security session owner's group ID.

Length, type, and range: 8 character (A-Z, 0-9)

Default value: blanks