By introducing CA OPS/MVS into your environment, you can execute TSO commands from an address space other than the one to which you are logged on. Typically, these other address spaces, which are OPSOSF servers, are more privileged than typical TSO address spaces. Since this ability could lead to a security problem, CA OPS/MVS provides various safeguards.
Suppose that a TSO user uses the OPSRMT command (or the OPSCMD command with the SYSID keyword) to send a command to another system for execution. Along with the command, CA OPS/MVS sends the user ID of the issuer of the command to the remote system. Before the OPSOSF server executes the command, it assumes the security profile of the user.
If you use the OSF command character as a prefix for a command that you enter at a console, then the OPSOSF address space executes the command using the security profile of the address space. This occurs because no specific user ID is available. Make sure that the OPSOSF servers do not have access to data sets or other system resources that you want to secure from even those users who have access to z/OS consoles.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|