z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling the use of the ONLYAT operand

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Commands that specify the ONLYAT operand are subject to a security check to determine if the command issuer is authorized as follows:
  • The command issuer and the target user ID must be SPECIAL.
  • No user ID association is required if the target user ID is the same as the command issuer. The user IDs can be on different nodes.
  • If the target user ID is different from the command issuer, a user ID association between the command issuer and the target user ID is required. This prevents a SPECIAL user from unauthorized use of another remote SPECIAL user ID.

For information on implementing command direction using the ONLYAT operand, see Directing commands using the ONLYAT option.

Parent topic: Controlling the use of remote sharing functions

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014