Securing a panel in a library

Document ID : KB000115544
Last Modified Date : 03/10/2018
Show Technical Document Details
Introduction:
prevent certain general users from executing the IBM DFSMS user profile administration panel.
Question:
we are running z/OS 2.2, v16.0 of Top Secret. I need to prevent certain general users from executing the IBM DFSMS user profile administration panel.
The panel I'm trying to secure is in the library SYS1.DGTPLIB and the panel name DGTDPPF5.
What commands do I need to execute to prevent select users from being able to access the panel ? 
Environment:
z/os
Answer:
According to the SECTRACE program DGTFPF00 is not owned which means its not secured by CA Top Secret and anyone will be granted access to it. Since its not owned, you cannot PERMIT it or REVOKE. A resource must be owned in CA Top Secret before you can PERMIT or REVOKE it from an acid. If you issue a: tss per(ALL) program(dgtfpf00) acc(all) you would issue a: tss per(joe) program(dgtfpf00) acc(none) for those users you dont want pickup up the PERMIT from the ALL record. PERMITs directly on a user will always override a similar PERMIT on the ALL record.