An operator can issue the SETPROG or SET PROG command from a console with AUTH(SYS) or higher. If RACF® authorization checking is in effect, you can control the use of these commands through RACF profiles. RACF authorization checking overrides the CONSOLxx AUTH specification.
To use RACF authorization checking to control any MVS™ command, the security administrator must ensure that each userid that issues the command is defined to RACF. Operators with a userid and a RACF profile can log on to a console, or the installation can define a RACF userid for the console itself. (For information, see Using RACF to control command authority and operator logon and Defining RACF profiles.)