Is there any ADMIN type parameter that governs who can execute what types of batch jobs? I.E. who can create or alter profiles and/or userids. We are trying to clean up (tighten up) who can do what via TPX.

1. Anyone can submit a TPX batch job unless you restrict that through security. Limit who can execute PGM=NVISION.
   
   
2. The batch jobs can update the TPX VSAM files. TPX batch itself does not enforce any updating restrictions.
   Use your security package (ACF2, RACF, TOPS) to restrict UPDATE to these files to only the TPX started task and administrator userids that may use TPX batch for updating.