What is the difference between CVKEY=8 and CVKEY=10 if AUTHREQ=YES for both?

Would both these generate secure versions of the SVC or would the fact that protect key 8 is specified cause the SVC to be generated differently?

Release: All supported releases.

The SVC option AUTHREQ=YES prevents all access to certain SVC functions for all callers, also for callers with the CVKEY. As these functions are needed at startup the startup routines have to be linked authorized.

MVS CSA storage is GETMAINed from subpool 231 with IDMS's primary protect key. The ESE, EREs, and pakets will be both fetch and store protected from ordinary batch jobs when IDMS runs with a protect key other than 8 or 9.

In addition, a CVKEY other than 8 or 9 will prevent batch or CICS users to call SVC functions that are reserved for the CV, such as SINON CV, SINOF CV, or ABEND SYSTEM. 

Conclusion:

• The SVC with AUTHREQ=YES and CVKEY=8 prevents the call of certain functions for all callers, but allows CV only functions for batch and CICS. The requested storage in the MVS CSA is not protected for batch and CICS programs (running with KEY 8) and paket3 movements can be used.
• The SVC with AUTHREQ=YES and CVKEY=10 prevents the call of certain functions for all callers, and prevents batch and CICS from using CV only functions. The requested storage in the MVS CSA is fetch- and store-protected and the paket movement is switched to pak2 (SVC calls). Any access to this storage with a key other than 10 results in a S0C4.

IDMS: AllowUserKeyCSA(NO) Frequently Asked Questions
SEAD, SEFD, or other SExx abend at startup of a CA IDMS Central Version (CV)