Hi Readers,
You must be thinking why it is required to limit a user profile to access a particular subsystem or submit job to one particular subsystem. Why and how is it beneficial?
Well we can do this by creating a private subsystem or a separate subsystem or by assigning the user profile to access only that subsystem. Now, when is it required. In scenario's where you want a user to access the system resource during a particular time period. For example, in most of the IT scenario's the admin department accesses the system in OOH(Out of office hours). It is not required by other user's to access the system during this time. You might need only the admin team to carry on with their processes during backups or when system is in restricted state. For this, if you set up a separate subsystem and assign the team members of Admin team to it, then you can bring down QINTER subsystem ( default subsystem for all interactive users) thus restricting all users except Admin to access the system.
Lets now, see how you can create a private or separate interactive subsystem and segregate user profiles to access them.
1- Create new subsystem for interactive processing.
2- Create a job queue that feeds interactive jobs to that subsystem and assigns that job queue to the subsystem.
3- Change your subsystem attributes to allow specific workstation names or workstation type to enter this subsystem.
4- Change QINTER attributes to not allow the devices and jobs which are intended to run in private subsystem.
Note :- This process allocates the devices ( that is workstation by name or type) to the particular subsystem and does not restrict the user profile. When a user profile signs on the the particular device, it automatically redirects to this subsystem.
1 - Create Subsystem :-
Let us now create a new interactive subsystem named QINTER1.
We can use CRTSBSD or CRTDUPOBJ to create this subsystem.
CRTDUPOBJ OBJ(QINTER) FROMLIB(QSYS) OBJTYPE(*SBSD) TOLIB(QGPL) NEWOBJ(QINTER1)
2- Create Job queue to feed new subsystem :-
Use CRTJOBQ to create a new JOBQ.
CRTJOBQ JOBQ(QGPL/QINTER1) TEXT ( NEW JOB QUEUE FOR INTERACTIVE WORK)
3- Add Job Queue to new subsystem to accept the jobs from the Job queue.
Use command ADDJOBQE
ADDJOBQE SBSD(QGPL/QINTER1) JOBQ(QGPL/QINTER1) MAXACT(*NOMAX) SEQNBR(30)
4- Since, QINTER1 is a duplicate of QINTER, it inherits QINTER Job Queue. Need to remove this QINTER job queue from QINTER1 subsystem, so that jobs that should run under QINTER will go there and not be diverted to QINTER1.
Use RMVJOBQE
RMVJOBQE SBSD(QGPL/QINTER1) JOBQ(QSYS/QINTER)
Check, which all JOBQ was added to QINTER subsystem and remove them from QINTER1 as it is a copy of QINTER subsystem. To do this, DSPSBSD SBSD(QINTER)
TAKE OPTION 6 :- JOB QUEUE ENTRIES
Seq Job Max ---------Max by Priority----------
Nbr Queue Library Active 1 2 3 4 5 6 7 8 9
10 QINTER QGPL *NOMAX * * * * * * * * *
20 QS36MRT QGPL *NOMAX * * * * * * * * *
This means, QINTER subsystem, feeds QINTER and QS36MRT job queues to it. So, now remove QS36MRT from QINTER1 subsystem job queue enteries.
RMVJOBQE SBSD(QGPL/QINTER1) JOBQ(QS36MRT)
5- Limit the workstation types that can enter subsystem QINTER1.
To authorize workstation whose name start with letter AD* (exa -AD001, AD002)
ADDWSE SBSD(QINTER1) WRKSTN(AD*)
You can view which all workstation are added for this subsystem QINTER1 by DSPSBSD SBSD(QINTER1)
Take option:-
4. Work station name entries
5. Work station type entries
You could see AD* in option 4 and *CONS and *ALL in option 5. You can remove *CONS and *ALL and thus it will limit access only to AD* workstation.
To remove,
RMVWSE SBSD(QGPL/QINTER1) WRKSTNTYPE(*CONS)
RMCWSE SBSD(QGPL/QINTER1) WRKSTNTYPE(*ALL)
You must be thinking why it is required to limit a user profile to access a particular subsystem or submit job to one particular subsystem. Why and how is it beneficial?
Well we can do this by creating a private subsystem or a separate subsystem or by assigning the user profile to access only that subsystem. Now, when is it required. In scenario's where you want a user to access the system resource during a particular time period. For example, in most of the IT scenario's the admin department accesses the system in OOH(Out of office hours). It is not required by other user's to access the system during this time. You might need only the admin team to carry on with their processes during backups or when system is in restricted state. For this, if you set up a separate subsystem and assign the team members of Admin team to it, then you can bring down QINTER subsystem ( default subsystem for all interactive users) thus restricting all users except Admin to access the system.
Lets now, see how you can create a private or separate interactive subsystem and segregate user profiles to access them.
1- Create new subsystem for interactive processing.
2- Create a job queue that feeds interactive jobs to that subsystem and assigns that job queue to the subsystem.
3- Change your subsystem attributes to allow specific workstation names or workstation type to enter this subsystem.
4- Change QINTER attributes to not allow the devices and jobs which are intended to run in private subsystem.
Note :- This process allocates the devices ( that is workstation by name or type) to the particular subsystem and does not restrict the user profile. When a user profile signs on the the particular device, it automatically redirects to this subsystem.
1 - Create Subsystem :-
Let us now create a new interactive subsystem named QINTER1.
We can use CRTSBSD or CRTDUPOBJ to create this subsystem.
CRTDUPOBJ OBJ(QINTER) FROMLIB(QSYS) OBJTYPE(*SBSD) TOLIB(QGPL) NEWOBJ(QINTER1)
2- Create Job queue to feed new subsystem :-
Use CRTJOBQ to create a new JOBQ.
CRTJOBQ JOBQ(QGPL/QINTER1) TEXT ( NEW JOB QUEUE FOR INTERACTIVE WORK)
3- Add Job Queue to new subsystem to accept the jobs from the Job queue.
Use command ADDJOBQE
ADDJOBQE SBSD(QGPL/QINTER1) JOBQ(QGPL/QINTER1) MAXACT(*NOMAX) SEQNBR(30)
4- Since, QINTER1 is a duplicate of QINTER, it inherits QINTER Job Queue. Need to remove this QINTER job queue from QINTER1 subsystem, so that jobs that should run under QINTER will go there and not be diverted to QINTER1.
Use RMVJOBQE
RMVJOBQE SBSD(QGPL/QINTER1) JOBQ(QSYS/QINTER)
Check, which all JOBQ was added to QINTER subsystem and remove them from QINTER1 as it is a copy of QINTER subsystem. To do this, DSPSBSD SBSD(QINTER)
TAKE OPTION 6 :- JOB QUEUE ENTRIES
Seq Job Max ---------Max by Priority----------
Nbr Queue Library Active 1 2 3 4 5 6 7 8 9
10 QINTER QGPL *NOMAX * * * * * * * * *
20 QS36MRT QGPL *NOMAX * * * * * * * * *
This means, QINTER subsystem, feeds QINTER and QS36MRT job queues to it. So, now remove QS36MRT from QINTER1 subsystem job queue enteries.
RMVJOBQE SBSD(QGPL/QINTER1) JOBQ(QS36MRT)
5- Limit the workstation types that can enter subsystem QINTER1.
To authorize workstation whose name start with letter AD* (exa -AD001, AD002)
ADDWSE SBSD(QINTER1) WRKSTN(AD*)
You can view which all workstation are added for this subsystem QINTER1 by DSPSBSD SBSD(QINTER1)
Take option:-
4. Work station name entries
5. Work station type entries
You could see AD* in option 4 and *CONS and *ALL in option 5. You can remove *CONS and *ALL and thus it will limit access only to AD* workstation.
To remove,
RMVWSE SBSD(QGPL/QINTER1) WRKSTNTYPE(*CONS)
RMCWSE SBSD(QGPL/QINTER1) WRKSTNTYPE(*ALL)
