An installation can define and protect the use of extended MCS consoles through a security product like RACF®. To define a user to RACF and control the use of the console, consider the following:

1. Arrange with the RACF security administrator to define a RACF profile for the user of the extended MCS console.

   For an interactive TSO/E user, the security or TSO/E administrator can use RACF commands to permit the user to issue the TSO/E CONSOLE command. To customize the use of the TSO/E CONSOLE command, the user can use the TSO/E operator presentation sample defined as a series of Interactive System Productivity Facility (ISPF) panels in SYS1.SAMPLIB. The SYS1.SAMPLIB member name that contains documentation for the TSO/E operator presentation sample is IEATOPSD.

   For an MVS™ application program, the administrator can use RACF commands to protect the use of the MCSOPER macro. In the RACF profile, the administrator defines the name of the extended MCS console that the application must specify on the MCSOPER macro.

2. Ensure that the TSO/E user or application that acts as an extended MCS console has the proper console attributes.

   In the RACF profile for the TSO/E user or for the MCSOPER name that the application uses to activate the console, the RACF security administrator can specify the console attributes. An application program can use MCSOPER instead of RACF to specify these console attributes. If both RACF and MCSOPER define console attributes for an extended MCS console, MCSOPER values override the RACF values.

Controlling extended MCS consoles using RACF describes examples of defining RACF user profiles for an extended MCS console.