READ access is require for the "commands" you listed (L2QPDMND, L2QM1 and L2DB1). What do I mean by "commands".
L2QPDMND is the resource name for the DEMAND command. If a user has READ access to resource L2QPDMND, that users is authorized to enter the DEMAND,JOB=xxxxxxxx command.
L2DB1 is the resource name for the JOB command, which takes you to the job definition panel. This only allow you to access the panel. Once you access the panel is when the "FUNCTION LEVEL" security takes place. For example with READ access to L2DB1 you can do a LIST function. But you can't ADD, UPDATE or DELETE a job. You will need a high access level, such as ADD, UPDATE or CONTROL (depends on the security product you are using).
See the Access level Translation table in the link below:
https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-workload-automation-ca-7-edition/12-1/securing/security-tables.html------
I hope this post shed some light on your question. If needed, please open a support case and we can have further discussions to clear up your questions/concerns.
Original Message:
Sent: Sep 30, 2022 10:57 AM
From: Lennie Currington
Subject: L2QPDMND - L2QM1 - L2DB1 Read access
If someone only has READ access to L2QPDMND, L2QM1, & L2DB1 will they be able to perform tasks such as demanding in jobs, holding jobs, releasing jobs, etc? READ access would seem to indicate only that, but someone is suggesting that READ access would still allow job functions to be performed with READ access instead of update access. Has anyone else experienced READ access allowing all functions still being able to be performed