Authorizing the use of operator commands
You can control which groups of users (system programmers and operators) can issue commands. You can use RACF® to authorize or restrict users from entering some or all commands, or specific variations of commands, or the consoles from which commands can be entered.
To control the use of operator commands, create profiles in the appropriate RACF classes that enable RACF command authorization. The specific RACF classes that you must activate depend on the input source that you want to protect. Table 1 lists the RACF classes that must be activated for each input source.
| Source of commands | RACF security class to activate | See… |
|---|---|---|
| Operator commands (except when from remote workstations or NJE nodes) | OPERCMDS | Controlling the use of operator commands |
| Commands from remote workstations (require additional setup) | OPERCMDS, FACILITY | Commands from RJE work stations |
| Commands from NJE nodes (require additional setup) | OPERCMDS, FACILITY | Commands from NJE nodes |
| Commands entered through, or generated by, SDSF | OPERCMDS, CONSOLE | Administering the use of operator commands |