Steps for granting authority to start ADNR

Grant explicit authority to all users that can start ADNR, to prevent unauthorized users from starting it. If you do not grant explicit authority, any user able to issue the START command can start ADNR.

Procedure

Perform the following steps to grant authority to start ADNR.

  1. Ensure that the OPERCMDS class is active and RACLISTed, and that RACLIST processing is enabled: 
    SETROPTS CLASSACT(OPERCMDS)
SETROPTS RACLIST (OPERCMDS)
  2. Define the following OPERCMDS class profile using a security product like RACF®: 
    RDEFINE  OPERCMDS (MVS.SERVMGR.ADNR) UACC(NONE)
  3. Grant ADNR access to the OPERCMDS class: 
    PERMIT   MVS.SERVMGR.ADNR CLASS(OPERCMDS) ACCESS(CONTROL) -
                          ID(userid)
  4. Refresh the OPERCMDS class: 
    SETROPTS RACLIST(OPERCMDS) REFRESH
  5. See the EZARACF sample in SEZAINST for specific instructions. All commands that you can issue against ADNR are MODIFY commands, with the exception of the STOP command used to stop ADNR. Therefore, you might also want to limit which users are able to issue MODIFY and STOP commands.
Parent topic: Step 7: Define security server profiles for ADNR