z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Authorizing the use of operator commands

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can control which groups of users (system programmers and operators) can issue commands. You can use RACF® to authorize or restrict users from entering some or all commands, or specific variations of commands, or the consoles from which commands can be entered.

To control the use of operator commands, create profiles in the appropriate RACF classes that enable RACF command authorization. The specific RACF classes that you must activate depend on the input source that you want to protect. Table 1 lists the RACF classes that must be activated for each input source.

Table 1. RACF classes used to authorize operator commands
Source of commands RACF security class to activate See…
Operator commands (except when from remote workstations or NJE nodes) OPERCMDS Controlling the use of operator commands
Commands from remote workstations (require additional setup) OPERCMDS, FACILITY Commands from RJE work stations
Commands from NJE nodes (require additional setup) OPERCMDS, FACILITY Commands from NJE nodes
Commands entered through, or generated by, SDSF OPERCMDS, CONSOLE Administering the use of operator commands
Parent topic: Administering the use of operator commands

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014