MVS
Where to find more information
MVS™ supports multilevel security by providing
the following support:
- All console operators must LOGON before issuing any commands.
- All operator commands are auditable.
- All accesses to named protected objects from operator commands are audited.
- Only users defined to RACF® are allowed to access MVS.
- The use of terminals, printers, and other unit record equipment is controlled through RACF.
- The security administrator can restrict the use of particular commands to a particular operator at a specific console
Note: The Hardware Management Console (HMC) and support element
console both allow entry of z/OS® operator
commands, but neither supports the MVS LOGON
command. Therefore there is no operator accountability when an operator
uses these consoles.
Guidelines: You
must take extra care to protect these consoles:
- Use physical security (for example, place them in a locked room)
- Limit distribution of passwords for these consoles
- Use these consoles for z/OS operation only in an emergency
For more information about the Hardware Management Console and the support element, see S/390® Hardware Management Console Operations Guide, GC38-0470.