Running CA-SYSVIEW without RACF attribute 'TRUSTED'

Article ID: 52616

Products

SYSVIEW Performance Management NXBRIDGE - SYSVIEW/ENDEVOR

Issue/Introduction

To meet higher security standards, customers may need to avoid general authorisations such as 'Trusted' or 'Operations' and replace them with specific RACF permissions.

Resolution

 

  1. If you remove the RACF attribute 'TRUSTED' and the profile ** of class PROGRAM has UACC=READ, you may get:
    ICH408I USER(STCSYSV) GROUP(STC) NAME(CA-SYSVIEW ) 640
      IEFIB600 CL(PROGRAM)
      INSUFFICIENT ACCESS AUTHORITY
      FROM ** (G)
      ACCESS INTENT(READ) ACCESS ALLOWED(NONE)
    CSV025I PROGRAM CONTROLLED MODULE IEFIB600 NOT ACCESSED, USER UNAUTHORIZED
    IEF170I 1 SYSVIEW CSV025I PROGRAM CONTROLLED MODULE IEFIB600 NOT ACCE
    CSV028I ABEND306-30 JOBNAME=SYSVIEW STEPNAME=STARTING
    IEF170I 1 SYSVIEW CSV028I ABEND306-30 JOBNAME=SYSVIEW STEPNAME=STA
    This happens because Universal Access (UACC) is not used for RESTRICTED IDs. You will need to add STCSYSV to the access list for CLASS=PROGRAM, or remove the RESTRICTED attribute from the STCSYSV ID.

  2. To access logstreams, see the documentation in the INST004x jobs.
         - LOGSTRM (as documented in the jobs)
  3. SYSVIEW needs ALTER or UPDATE access to the following resources (class, profile, access):
         - DATASET xxxxx.CAPDATA.** (G)             - ALTER
         - FACILITY CSVAPF.** (G)                   - UPDATE
         - OPERCMDS MVS.STOP.STC.SYSVUSER.SYSVUSER  - UPDATE
         - OPERCMDS MVS.MODIFY.STC.SYSVIEW.SYSVIEW  - UPDATE
  4. There may be more commands to authorize. The advantage of this method is that you know exactly who is authorized.
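
Because further authorizations may turn up only as new ICH408I violations, the following added example (not part of the original article or of SYSVIEW) collects the ICH408I messages for the started task and lists, per profile, the highest access that was denied, rendered as candidate PERMIT commands for review. It assumes the input holds message text only, without SYSLOG line prefixes; the sample excerpt is constructed, and the names `missing_access` and `permit_commands` are hypothetical.

```python
import re

# Constructed SYSLOG excerpt (message text only). The first ICH408I is the one
# quoted in this article; the second, with profile MVS.MODIFY.**, is invented.
SAMPLE = """\
ICH408I USER(STCSYSV) GROUP(STC) NAME(CA-SYSVIEW ) 640
  IEFIB600 CL(PROGRAM)
  INSUFFICIENT ACCESS AUTHORITY
  FROM ** (G)
  ACCESS INTENT(READ) ACCESS ALLOWED(NONE)
CSV025I PROGRAM CONTROLLED MODULE IEFIB600 NOT ACCESSED, USER UNAUTHORIZED
ICH408I USER(STCSYSV) GROUP(STC) NAME(CA-SYSVIEW ) 641
  MVS.MODIFY.STC.SYSVIEW.SYSVIEW CL(OPERCMDS)
  INSUFFICIENT ACCESS AUTHORITY
  FROM MVS.MODIFY.** (G)
  ACCESS INTENT(UPDATE) ACCESS ALLOWED(NONE)
"""

LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]  # ascending
ICH408I = re.compile(
    r"ICH408I USER\((?P<user>\S+?)\s*\).*\n"
    r"\s*(?P<resource>\S+) CL\((?P<cls>\S+?)\s*\).*\n"
    r"\s*INSUFFICIENT ACCESS AUTHORITY.*\n"
    r"(?:\s*FROM (?P<profile>\S+)(?P<generic> \(G\))?.*\n)?"
    r"\s*ACCESS INTENT\((?P<intent>[A-Z]+)\s*\)\s+ACCESS ALLOWED\("
)


def missing_access(syslog):
    """Map (class, profile, generic, user) -> highest access intent RACF denied."""
    needed = {}
    for m in ICH408I.finditer(syslog):
        # FROM names the generic profile that decided; without it, the profile
        # carries the resource's own name.
        key = (m["cls"], m["profile"] or m["resource"], bool(m["generic"]), m["user"])
        if LEVELS.index(m["intent"]) > LEVELS.index(needed.get(key, "NONE")):
            needed[key] = m["intent"]
    return needed


def permit_commands(needed):
    """Render one candidate PERMIT per denied profile, for review before use."""
    cmds = []
    for (cls, profile, generic, user), level in sorted(needed.items()):
        if cls == "DATASET":  # DATASET is PERMIT's default class; name is quoted
            opt = " GENERIC" if generic else ""
            cmds.append(f"PERMIT '{profile}' ID({user}) ACCESS({level}){opt}")
        else:
            cmds.append(f"PERMIT {profile} CLASS({cls}) ID({user}) ACCESS({level})")
    return cmds
```

Calling `permit_commands(missing_access(SAMPLE))` yields one PERMIT for the OPERCMDS profile and one for the PROGRAM profile `**`. Changes to PROGRAM profiles take effect only after `SETROPTS WHEN(PROGRAM) REFRESH`.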