|
|
|
Most data centers restrict the use of MOUNT and OPERATOR privileges on both security and operation grounds, but the JCL privilege is a requirement for programmers that do batch compilations and tests.
The control of program products that permit console operator commands to be issued from a TSO terminal (such as Omegamon or Resolve) is a major concern. These powerful products are sold as performance monitors or productivity aids for system programmers. They gain authorization through special SVCs or through the APF library system.
Be sure to read both the SVC and APF sections of this guide to identify APF‑authorized TSO commands, programs, and SVCs.
The TSO CONSOLE command can also allow users to issue operator commands (see the TSO Information Summary section earlier in this chapter for information about auditing authorized TSO commands). You should audit sysout viewing facilities to be sure that only appropriate access to spool is granted, and that any facilities for issuing operator commands are properly restricted. (Access is commonly limited to control of a user’s own jobs.)
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |