IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

Restrict use of Telnet command from TSO?


IBM Mainframe Forums -> JCL & VSAM
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
Maureen Tary

New User


Joined: 26 Sep 2008
Posts: 2
Location: Connecticut, USA

PostPosted: Fri Sep 26, 2008 6:00 am
Reply with quote

Hello. Is it possible to restrict the use of a specific TSO command with RACF rules ? I want to prevent a userid from being able to successfully issue TSO TELNET to connect to telnet server and external access.
Thanks for any hints.
Back to top
View user's profile Send private message
expat

Global Moderator


Joined: 14 Mar 2007
Posts: 8797
Location: Welsh Wales

PostPosted: Fri Sep 26, 2008 11:07 am
Reply with quote

What about security on the server ?

Not sure that RACF can stop a REXX execution unless access to that specific dataset / PDS is denied.

You can use RACF to protect program usage, but as far as I know, not a REXX execution.
Back to top
View user's profile Send private message
nevilh

Active User


Joined: 01 Sep 2006
Posts: 262

PostPosted: Fri Sep 26, 2008 4:27 pm
Reply with quote

TELNET is a program
Back to top
View user's profile Send private message
dick scherrer

Moderator Emeritus


Joined: 23 Nov 2006
Posts: 19244
Location: Inside the Matrix

PostPosted: Fri Sep 26, 2008 8:38 pm
Reply with quote

Hello Maureen and welcome to the forums,

Your security people should be able to restrict access to TSO/TELNET.

If your goal is to prevent people from gaining access to remote systems via TELNET, i suspect there is a much larger exposure from their desktop system. In additon to the many tcp/ip products (which is how most places connect to their mainframe), there is a Microsoft Telnet Client on every Windows system i use.
Back to top
View user's profile Send private message
Maureen Tary

New User


Joined: 26 Sep 2008
Posts: 2
Location: Connecticut, USA

PostPosted: Fri Sep 26, 2008 8:56 pm
Reply with quote

I am not the security admin but am trying to advise them on this....
I think the answer lies in the SERVAUTH class rule and establishing a profile for EZB.STACKACCESS.lpar.TCPIP. Then by granting no access to this profile for users that need to be prevented from using the TELNET command. I had hoped to be able to prevent specific command use for individual users on the tso side. Thanks to all for reading this and posting your comments.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> JCL & VSAM

 


Similar Topics
Topic Forum Replies
No new posts RACF - Rebuild SETROPTS command which... All Other Mainframe Topics 3
No new posts Routing command Address SDSF to other... TSO/ISPF 2
No new posts DTL - how to define key with stacked ... TSO/ISPF 3
No new posts LTJ command CA Products 4
No new posts Query on edit primary command CLIST & REXX 5
Search our Forums:

Back to Top