RACF Trusted attribute on OPSMAIN/OPSOSF logon ids in CA OPS/MVS Event Management and Automation


Article ID: 16252


Updated On:


CA OPS/MVS Event Management & Automation


In reviewing security on some systems, it was discovered that the OPSMAIN/OPSOSF logon ids on RACF systems have the TRUSTED attribute.  I cannot find any reason why we did it that way as i don't see any references in the CA doc that it was required.

OPS/MVS RACF security question

Is there any value in keeping the TRUSTED attribute on the OPSMAIN/OPSOSF logon ids?


CA OPS/MVS release 12.3


Likely that someone, in the past, added the trusted attribute because OPS was not authorized to issue a specific command. If you are using the OPERCMDS command class and did not define OPS/MVS as allowed to issue all commands, you may run into problems with the trusted attribute being removed.

Additional Information

Assigning the RACF TRUSTED attribute