In reviewing security on some systems, it was discovered that the OPSMAIN/OPSOSF logon ids on RACF systems have the TRUSTED attribute.  I cannot find any reason why we did it that way as i don't see any references in the documentation that it was required.

OPS/MVS RACF security question

Is there any value in keeping the TRUSTED attribute on the OPSMAIN/OPSOSF logon ids?

OPS/MVS

Likely that someone, in the past, added the trusted attribute because OPS was not authorized to issue a specific command. If you are using the OPERCMDS command class and did not define OPS/MVS as allowed to issue all commands, you may run into problems with the trusted attribute being removed.

Assigning the RACF TRUSTED attribute