What Commands are Considered Privileged Commands under CA Roscoe?

Document ID : KB000024845
Last Modified Date : 14/02/2018
Show Technical Document Details

Question: 

How can I tell who is authorized to use these commands?

Answer: 

There are six categories of privileged commands. Users' access to these commands is configured using UPSMNT60. You may view each user's authority to use these commands by running a report using the UPSLIST utility. A sample of the UPSLIST JCL is in SAMPJCL.

OPER: Allows use of the DEBUG, LIBCACHE, OPERATOR (OPR), RCSTRACE, ROZAP commands, privileged use of MESSAGE command, and the PEEK function.

RPS: Allows use of the privileged operands of the PRINT command.

ACCT: Allows use of the ACCT and RTM commands.

ETSO: Allows use of the privileged operands of the CANCEL, FREE, and QUERY commands.

LIB: Allows use of the privileged commands UPDATE, SAVE, DELETE, RENAME, and ALTER for daily library maintenance, regardless of the way security groups are established.

UPS: Allows use of the privileged command UPSMNTnn.

Note: A user that is enabled to use the UPS privileged commands must also be enabled to use the LIB privileged commands. A user that is enabled UPS privileges cannot enable privileged commands for other users through a UPS ADD or UPS UPDATE command. The privileged command field on the UPSMNTnn panel is protected and has a value of 'N.'; only the owner of the UPS prefix can enable privileged commands to a user.

Additional Information:

See TEC486751 Is there a search command to determine which users and groups have been defined to Roscoe? for JCL to run UPSLIST and how to interpret the output.