+

Search Tips | Advanced Search

User IDs for command and command resource security

The user ID used for command security or command resource security depends on where the command is issued from.

Issued from... User ID contents
CSQINP1, CSQINP2, or CSQINPT No check is made.
System command input queue The user ID found in the UserIdentifier of the message descriptor of the message that contains the command. If the message does not contain a UserIdentifier, a user ID of blanks is passed to the security manager.
Console The user ID signed onto the console. If the console is not signed on, the default user ID set by the CMDUSER system parameter in CSQ6SYSP.

To issue commands from a console, the console must have the z/OS SYS AUTHORITY attribute.

SDSF/TSO console TSO or job user ID.
Operations and control panels TSO user ID.

If we are going to use the operations and control panels, you must have the appropriate authority to issue the commands corresponding to the actions that you choose. In addition, we must have READ access to all the hlq.DISPLAY. object profiles in the MQCMDS class because the panels use the various DISPLAY commands to gather the information that they present.

MGCRE If MGCRE is used with UTOKEN, the user ID in the UTOKEN.

If MGCRE is issued without the UTOKEN, the TSO or job user ID is used.

CSQ0UTIL Job user ID.
CSQUTIL Job user ID.
CSQINPX User ID of the channel initiator address space.
Parent topic: User IDs for security checking on z/OS

Last updated: 2020-10-04