As there is no target security authorisation checking done yet for cross-system MSF actions in OPS/MVS, we have protected our production systems from unauthorised actions from test systems by defining the MSF links to test systems as NOSECURE in our production systems.
So, on the PROD system, the MSF link to the test system is defined as NOSECURE.
However, we noticed that via OPS;1 we are still able to issue non-display commands (modify, stop, cancel, ...) from a test LPAR on a PROD system.
We would have expected that only DISPLAY commands would be seen as READ and therefore be granted by the NOSECURE implementation, but that non-display commands are seen as an UPDATE action and therefore wouldn't be granted due to the NOSECURE implementation...
Release: 13.5 and below
Component: OPS/MVS