Peter, Can I strongly suggest you instigate a project to activate OPERCMDS (and JESSPOOL if not already active).
ISFPRMx just controls actions within SDSF and does not preclude any semi-capable programmer from writing code to issue operator commands (or access SYSOUT using the JES SSI). Starting with z/OS 2 5, SDSF no longer uses ISFPRMxx to control security as everything now only goes through SAF authority. We use the SDSF class for product controls, and also make OPERCMDS and JESSPOOL checks on the user's behalf when processing actions taken within the product. Please be aware that converting your systems to correctly use OPERCMDS and JESSPOOL can be a lengthy process, and you should allow many weeks for testing and validation. The OPERCMDS and JESSPOOL classes being activated can affect a broad range of other products including sysout archiving and automated operations. I do have some presentations about SDSF security and can point you in the right direction if you want. As a further note, the old ISFACR tool that was written 25+ years ago to aid in SAF security migration is showing its age a bit. We have some more recent (and much simpler) tools and processes now. Rob Scott Rocket Software Sent from Samsung Mobile on O2 Sent from Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Peter <[email protected]> Sent: Saturday, December 2, 2023 9:31:26 AM To: [email protected] <[email protected]> Subject: zOSMF install - SDSF ISFPRMxx EXTERNAL EMAIL Hello All Good morning I have planned to install zOSMF in our test LPAR. Our SDSF uses its own security features using ISFPRMXX and I can see zOSMF has its own IZUSEC jobs where it activates OPERCMDS class. We never activated OPERCMDS instead we manage using ISFPRMXX PARMLIB member. Is there anyone who have installed zOSMF with above scenario? Peter ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ================================ Rocket Software, Inc. and subsidiaries ? 77 Fourth Avenue, Waltham MA 02451 ? Main Office Toll Free Number: +1 855.577.4323 Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy ================================ This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
