If you share the RACF® database with a z/VM® system, restricted user IDs can be used to access resources they are not specifically authorized to access on the z/VM system. When you share the RACF database with a z/VM system, you can avoid this by adding each restricted user ID to the access list of each z/VM resource with the access authority of NONE.

A LISTUSER command issued for a restricted user ID from a z/VM system does not display the RESTRICTED attribute.