Granting the user access to the RACF OPERCMDS class

Ensure that the user of the extended MCS console has READ access to a profile in the RACF® OPERCMDS class named: 
MVS.MCSOPER.console-name

For a TSO/E user, the CONSOLE command defaults to the userID as the console name, but the user can override the default with the NAME(console-name) operand. For an application program, console-name is the name specified on the MCSOPER macro.

Before the RACF administrator can grant a RACF user (TSO/E user or MCSOPER name) access to the RACF OPERCMDS class, the administrator must ensure that the user has a RACF user profile. In the following example, assume that the TSO/E user or application program name has a RACF user profile already defined.

The RACF security administrator can take the following steps to give users access to the RACF OPERCMDS class:

  1. Issue the SETROPTS command to activate the OPERCMDS class: 
    SETROPTS CLASSACT(OPERCMDS)
  2. Create specific MVS™.MCSOPER.console-name profiles naming the intended consoles, and granting users to them only as appropriate for their intended level of authority. 
    RDEFINE OPERCMDS MVS.MCSOPER.console-name UACC(NONE)
  3. Grant the TSO/E user or application program access to the OPERCMDS resources: 
    PERMIT MVS.MCSOPER.console-name CLASS(OPERCMDS) ID(console-name) ACCESS(READ)

    Console_name must have a RACF user profile defined. See Defining the user profile of an extended MCS console.

  4. Issue SETROPTS RACLIST command to refresh the OPERCMDS reserve class: 
    SETROPTS RACLIST(OPERCMDS)
Parent topic: Controlling extended MCS consoles using RACF