As there is no target security authorisation checking done yet for cross-system MSF actions in OPS/MVS, we have protected our production systems from unauthorised actions from test systems by defining the MSF links to test systems as NOSECURE in our production systems.
So, on PROD system, the MSF link to test system is defined as NOSECURE.
But, we noticed that via OPS;4.3, we are still able to cancel an OSF server from a test lpar on a PROD system.
We would have expected that this operation is seen as an UPDATE action and therefore wouldn't be granted due to the NOSECURE implementation...
Release : 13.5 and below
Component : OPS/MVS