User IDs for command and command resource security
The user ID used for command security or command resource security depends on where the command is issued from.
Issued from... | User ID contents |
---|---|
CSQINP1, CSQINP2, or CSQINPT | No check is made. |
System command input queue | The user ID found in the
UserIdentifier of the message descriptor of the message
that contains the command. If the message does not contain a
UserIdentifier , a user ID of blanks is passed to the
security manager. |
Console | The user ID signed onto the console. If the console is not signed on, the
default user ID set by the CMDUSER system parameter in CSQ6SYSP. To issue commands from a console, the console must have the z/OS® SYS AUTHORITY attribute. |
SDSF/TSO console | TSO or job user ID. |
Operations and control panels | TSO user ID. If you are going to use the operations and control panels, you must have the appropriate authority to issue the commands corresponding to the actions that you choose. In addition, you must have READ access to all the hlq.DISPLAY. object profiles in the MQCMDS class because the panels use the various DISPLAY commands to gather the information that they present. |
MGCRE | If MGCRE is used with UTOKEN, the user ID in the UTOKEN. If MGCRE is issued without the UTOKEN, the TSO or job user ID is used. |
CSQ0UTIL | Job user ID. |
CSQUTIL | Job user ID. |
CSQINPX | User ID of the channel initiator address space. |