Grant explicit authority to all users that can start ADNR,
to prevent unauthorized users from starting it. If you do not grant
explicit authority, any user able to issue the START command can start
ADNR.
Procedure
Perform the following steps to grant authority to start
ADNR.
- Ensure that the OPERCMDS class is active and RACLISTed,
and that RACLIST processing is enabled:
SETROPTS CLASSACT(OPERCMDS)
SETROPTS RACLIST (OPERCMDS)
- Define the following OPERCMDS class profile using a security
product like RACF®:
RDEFINE OPERCMDS (MVS.SERVMGR.ADNR) UACC(NONE)
- Grant ADNR access to the OPERCMDS class:
PERMIT MVS.SERVMGR.ADNR CLASS(OPERCMDS) ACCESS(CONTROL) -
ID(userid)
- Refresh the OPERCMDS class:
SETROPTS RACLIST(OPERCMDS) REFRESH
- See the EZARACF sample in SEZAINST for specific instructions. All commands that you can issue against ADNR are MODIFY commands,
with the exception of the STOP command used to stop ADNR. Therefore,
you might also want to limit which users are able to issue MODIFY
and STOP commands.