Security Rules for OPSMVS STOP/START from OPSVIEW panel 4.6 and 4.7

Start and shutdown from OPSVIEW panel 4.6 and 4.7 can be misused.

Panel 4.6 uses OPSCMD, and Panel 4.7 uses ADDRESS OPER, they all belong to the OPS/MVS operational facility OPSCMD. There’s no distinction between using the panels or other interfaces to issue the START/STOP command, since the commands are issued through the CLIST or REXX involved when running the panels.

If you want to secure the usage of START/STOP OPS/MVS commands against TSO users, there are two options:

1. External security rules (When value of parameter EXTSECURITY is ON) rules to secure resource extsecprefix.resource ( for example, OP$MVS.OPSCMD )

https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-ops-mvs-event-management-and-automation/14-0/securing/saf-calls-to-process-external-security-rules/saf-resource-names-and-access-levels.html

2. OPS/MVS security rules to have logic to determine the RETURN value for the security event according to the values of SEC.OPAUUSID and SEC.AUOCCMBU.

         The event definition section is )SEC OPSCMDSTART or )SEC OPSCMDSTOP for this case.

https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-ops-mvs-event-management-and-automation/14-0/using/using-automated-operations-facility-aof-rules/coding-each-aof-rule-type/security-rules.html#concept.dita_4126607aa8bea72bbee11dcdf02e266060485841_SECEventSpecifierofSECRules

An extra option for the STOP command

https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-ops-mvs-event-management-and-automation/14-0/securing/mvs-stop-and-modify-commands.html