To protect TSO/E resources, you can limit the commands that users can issue and limit user access to data sets. You can limit the commands that users can issue from TSO/E READY mode, from Session Manager, from the background, and from ISPF/PDF.

From TSO/E READY mode, by default, users cannot use the ACCOUNT, CONSOLE, CONSPROF, OPERATOR, RACONVRT, SYNC, SUBMIT, OUTPUT, STATUS, CANCEL, PARMLIB, and TESTAUTH commands. You give users authority to use these commands when you define them to TSO/E by using either the ACCOUNT command and/or RACF® commands. You can optionally write TSO/E exits to authorize users to use the CONSOLE, CONSPROF, PARMLIB, and TESTAUTH commands. For the SUBMIT, OUTPUT, STATUS, and CANCEL commands, you can also write TSO/E exits and exits provided by JES2 and JES3 to customize and restrict how users submit jobs and process job output.

By default, users can use the SEND, LISTBC, TRANSMIT, RECEIVE, FREE, OUTDES, EXEC, and PRINTDS commands from TSO/E READY mode. You can write TSO/E exits to restrict the use of these commands. You can also write exits for the SEND subcommand of the OPERATOR command to restrict users who are authorized to use the OPERATOR command from using the SEND subcommand.

A user who is using Session Manager can, by default, issue all TSO/E commands and Session Manager commands. By writing Session Manager exits, you can limit the commands that users can issue from Session Manager.

Users, by default, can also issue most TSO/E commands from the background or from ISPF/PDF panels. By changing a SYS1.PARMLIB member or by coding a TSO/E CSECT, you can limit the use of commands in the background. Modifications you can make to an ISPF/PDF module allow you to limit the commands used from ISPF/PDF.

You also have the option to limit a user's access to data sets. You can enforce this option through RACF or through the MVS™ allocation input validation routine (IEFDB401).

With RACF installed, your installation can use security labels (SECLABELs) and your security administrator can activate security label checking. In this case, resources and users have security labels associated with them. Users can only access resources that have been authorized for them to use through RACF.

Security label checking affects the processing of several TSO/E commands, such as SEND, LISTBC, TRANSMIT, and RECEIVE. For information about the processing of these TSO/E commands with security labels, see the individual topics in this document.

For information about setting up security labels, see . For more information about providing TSO/E resource protection, see Protecting the resources TSO/E users can access.