User authorizations will allow you to set object-related permissions. For instance, if I want the user TESTSAA to only able to run all JOBS with login object @LOGIN.SAA, but not edit them or modify them, I will need to set the permissions as below :
- JOBS : Name '*' for all names and 'X' for execution authorization.
- FOLD: here '*' with read (R) permission for all folders. I could as well restrict the folders that can be seen by this user, by setting their names, or using a wildcard (e.g. FOLD* would allow the user to read FOLDER1, FOLDER2, FOLDER.TEST, etc.)
- JOBI: by default jobs contain a job include (JOBI) object, like HEADER.UNIX and HEADER.WINDOWS. Without permissions on at least these objects it will not be possible to run jobs that use theseincludeobjects.
- LOGIN: usually a job will require a login object to be executed.