Currently, users are changing their virtual console names to something other than their default userid. This has created some concerns and was also identified as a security exposure. The SDSF SET CONSOLE command provides the ability to assign an extended console name. Is there an ACF2 resource that will prevent users from assigning a console name other than their default userid?
Release : 16.0
Component : ACF2 for z/OS
For a TSO/E user, the SET CONSOLE command defaults to the userID as the console name, but the user can override the default with the NAME(console-name) operand.
To control the ability to issue the SDSF SET CONSOLE command, the security administrator must ensure that resource class OPERCMDS rules are in place for the resource MVS.MCSOPER.console-name. By default, the TYPE code for resource class OPERCMDS is TYPE(OPR). An example rule follows:
$KEY(MVS) TYPE(OPR)
MCSOPER.- UID(*************USER001) SERVICE(READ) PREVENT
MCSOPER.- UID(*************USER002) SERVICE(READ) ALLOW
The rule will allow USER002 to issue the SET CONSOLE command but not USER001. Note that the rule entry for USER001 is not needed because, by default, access would not be allowed (no rule, no access), although a site may include the rule for clarity.
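Because the resource name ends in the console name, the MCSOPER.- mask in the rule above matches any name that USER002 supplies on NAME(console-name). The variant below is an added illustration, not part of the original article: it reuses the UID strings from the rule above and assumes the console names USER001 and USER002 are those users' own userids, so each user is allowed only the console named after that userid. The final UID(*) line is optional, since no rule means no access.

```text
$KEY(MVS) TYPE(OPR)
MCSOPER.USER001 UID(*************USER001) SERVICE(READ) ALLOW
MCSOPER.USER002 UID(*************USER002) SERVICE(READ) ALLOW
MCSOPER.- UID(*) PREVENT
```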