By default, users cannot use the ACCOUNT, OPERATOR, RACONVRT, or SYNC commands. You should grant only a few users at your installation the authority to use these commands. You should grant ACCOUNT command authority only to users who must add and maintain user profiles. Granting users authority to use the ACCOUNT command automatically allows them to use the SYNC command. Because limiting the use of the broadcast data set may improve the performance of the LOGON command, you may want to restrict the use of the OPERATOR command to users who must send notices and cancel other users' sessions. You should restrict the use of the RACONVRT command to users responsible for converting from SYS1.UADS to the RACF® data base.

You grant users access to the ACCOUNT, OPERATOR, SYNC, and RACONVRT commands when you add them to TSO/E. To specify whether a user can use these commands, use either the ACCOUNT command or the RACF RDEFINE and PERMIT commands depending on whether the user is defined in the UADS or the RACF data base. You can also authorize users to the ACCOUNT, SYNC, and OPERATOR commands using the logon pre-prompt exit IKJEFLD or IKJEFLD1.

For more information about using the ACCOUNT command, see . For more information about using RACF commands, see .

It is probably better to restrict access to the UADS, rather than restricting the use of the ACCOUNT command in the background. Restricting the use of the ACCOUNT command in the background restricts all users from using it, and you may want administrators at your installation to be able to run the command in the background.