View previous topic :: View next topic
|
Author |
Message |
Maureen Tary
New User
Joined: 26 Sep 2008 Posts: 2 Location: Connecticut, USA
|
|
|
|
Hello. Is it possible to restrict the use of a specific TSO command with RACF rules ? I want to prevent a userid from being able to successfully issue TSO TELNET to connect to telnet server and external access.
Thanks for any hints. |
|
Back to top |
|
|
expat
Global Moderator
Joined: 14 Mar 2007 Posts: 8797 Location: Welsh Wales
|
|
|
|
What about security on the server ?
Not sure that RACF can stop a REXX execution unless access to that specific dataset / PDS is denied.
You can use RACF to protect program usage, but as far as I know, not a REXX execution. |
|
Back to top |
|
|
nevilh
Active User
Joined: 01 Sep 2006 Posts: 262
|
|
|
|
TELNET is a program |
|
Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006 Posts: 19244 Location: Inside the Matrix
|
|
|
|
Hello Maureen and welcome to the forums,
Your security people should be able to restrict access to TSO/TELNET.
If your goal is to prevent people from gaining access to remote systems via TELNET, i suspect there is a much larger exposure from their desktop system. In additon to the many tcp/ip products (which is how most places connect to their mainframe), there is a Microsoft Telnet Client on every Windows system i use. |
|
Back to top |
|
|
Maureen Tary
New User
Joined: 26 Sep 2008 Posts: 2 Location: Connecticut, USA
|
|
|
|
I am not the security admin but am trying to advise them on this....
I think the answer lies in the SERVAUTH class rule and establishing a profile for EZB.STACKACCESS.lpar.TCPIP. Then by granting no access to this profile for users that need to be prevented from using the TELNET command. I had hoped to be able to prevent specific command use for individual users on the tso side. Thanks to all for reading this and posting your comments. |
|
Back to top |
|
|
|