What security definition is needed to see ALL USS threads within the OPSOSF address space by using the OPSUSS built-in Function?

Document ID : KB000007027
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

We use the following OPSUSS built Function to display the z/OS job name of the address space in which the process is running:


Var = OPSUSS('PROCESS','JOBNAME','ABCD%','PREFIX')

But tis function is not returning information.

 

When we use the ALLDATA Subfunction instead JOBNAME the only the own thread of OPSOSF is found so it seems to be a security issue.

What is the authorization required to allow ops to access the processes it does not own?

Resolution:

You need SUPERUSER.PROCESS.GETPSENT authority in order for ops to "see" processes it does not own.

It is in the UNIXPRIV class and you need READ access to it.

Additional Information:

Detailed information about the OPSUSS buit-In function can be found at the following link:

 

https://docops.ca.com/ca-opsmvs/122-EN/reference-information/command-and-function-reference/ops-rexx-built-in-functions/opsuss-function