We had a developer who logged on to one of our production IMS Subsystem thinking it was a test environment.
He was able to issue a /ASSIGN TRAN command despite not having authority:
ACFDC040 LOGONID DZW4SH SOURCE VPL20512 ACCESS TO COMMAND ASSIGN
ACF04056 ACCESS TO RESOURCE ASSIGN TYPE RC16 BY DZW4SH NOT AUTHORIZED
/ASS TRAN OSW1I07 CLASS 2
DFS058I ASSIGN COMMAND COMPLETED
I reviewed the rules that govern the IMS Commands for ASSIGN and verified that he does not have authority to this command.
ACF2/IMS uses the DFSCCMD0 exit point in IMS.
if there is another version of DFSCCMD0 in the IMS RESLIB - ACF2 will pass control to that module if CMDMCS is set to either B or C.
The default IMS version of this module will allow access.
If you rename the module in the IMS reslib - the outcome of the ACF2 validation will be honored