Hello Dan,
In my understanding, one needs to explicitly allocate STDERR to SYSOUT in order for it to be visible in the job output; that is, it must be done deliberately. Please correct me if I’m wrong.
BPXBATCH allows to send stderr and other standard streams to data sets or to USS files, and in such cases RACF and/or USS access permissions can provide the required security. Unfortunately in my experiments, data sets didn’t really work well because the message from Jupyter got buffered and didn’t appear in the data set until I stopped the job. Maybe some of the DD/DCB options could fix that - I just didn’t try. On the good side of it, I was able to successfully open the Jupyter link when STDERR was pointing to a Unix file, which I viewed from ISPF.
Regards,
Vladimir