Server security
The z/OS Explorer servers verify that they are started as started task. This allows you to use
the standard security profiles for operator command to ensure only authorized users can start them.
If access to console commands is restricted, the user requires the console access and the
UPDATE permission to profile MVS.START.STC.mbrname.** in the
OPERCMDS class.
Refer to Security Server RACF® Security Administrator's Guide (SA22-7683) for more information on operator command protection.
A server can also be started as a batch job if the user ID used to run the server has explicit permission to the related profile documented in table 1.
| Server | Default class | Profile | Permission |
|---|---|---|---|
| JMON, JES Job Monitor | FACILITY | FEJ.START.BATCH.jobname.port | READ |
| RSED, RSE daemon | FACILITY | FEK.START.BATCH.jobname.port | READ |
| Name | Substitution |
|---|---|
| Jobname | Name of the job |
| Port | Server port number |
Note: {zexpl} servers assume a user has no access authorization when the security software indicates
it cannot determine whether the user is authorized to a profile. An example of this is when the
profile is not defined.