We are in the process over transferring part of our workload to another site.   Users are issuing the SDSF "& n" command to keep their TSO sessions from timing out.  This is a definite security problem, as we have no idea where their lap-tops are located at midnight or any time when the user is not with it.  What can be done through Top Secret to prevent these users from setting the "& n" command?

Release : 16.0

This is not a Top Secret issue. There is no SAF resource that covers this, it is only controlled via SDSF parms.
To prevent users from being able to use auto update by issuing the "&n" command, set the SDSF server parameter statement AUPDT to 0 in the SDSF group the users fall into when they enter SDSF.

For example, if  users fall into a group named ISFUSER, then in the SDSF parm member that is loaded, the AUPDT statement needs to be coded as AUPDT(0).  The server needs to be refreshed after the AUPDT parameter is updated. 

Here is an example after updating and refreshing the server:  

GROUP NAME(ISFUSER),

TSOAUTH(JCL,OPER,ACCT),

ACTION(ALL),

ACTIONBAR(YES),

AUPDT(0),

etc.....

Now when the "&n" command is issued the following message is returned:
UPDATE NOT AUTHORIZED