Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Administering the use of operator commands z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
You can control who can issue MVS™ and JES operator commands regardless of their point of entry. This includes, for example, commands issued at MCS consoles, inline within batch JCL, through SVC 34, or through extended console support. You can use RACF® to authorize
the following:
In addition, the installation can use generic profiles to define
groups of commands. If RACF is
not used, the system defines the groups of commands. For more information
on using MVS and JES to perform
command authority checking, see one of the following documents:
You can use RACF to perform authority checking for all commands. However, commands issued from locally attached JES3 consoles are checked using JES3's authority, not the operator's authority. In practice, that would probably limit you to just auditing those commands. Authorizing the use of operator commands describes how you can use RACF to provide command authority checking. z/OS JES3 Initialization and Tuning Guide describes how to use JES to provide command authority checking. Note: If SDSF is installed on your system, OPERCMDS
profiles control which action characters and overtypeable fields users
can enter on SDSF panels. For complete information on creating OPERCMDS
profiles for use with SDSF, see z/OS SDSF Operation and Customization.
|
Copyright IBM Corporation 1990, 2014
|