When using Dispatch with external security and using any security system other than Top Secret Security for z/OS and OS/390, the default operation of Dispatch is to allow all users to access the system.

To prevent this access, use the security software to define a profile for class CACMD resource DSSIGN%%. Define the profile so the default access is none and then use the access list to authorize access. The %% in the resource name is the same as the CA-Dispatch system number. The system number is usually 01; in this case, the resource name would be DSSIGN01. However, if multiple Dispatch systems are being used, the system number definition may be different. 

You can use the system number to specify a unique identifier for each Dispatch system in your complex and use the CACMD / DSSIGN%% resource to restrict users to individual Dispatch systems, such as a test or production Dispatch system.

The facility capability in Top Secret Security for z/OS and OS/390 can be used to restrict access when using Top Secret Security for external security. The CACMD / DSSIGN%% resource is also used with Top Secret Security.

The system number is discussed in more detail in the Dispatch Installation Guide in the "Define Users and the Network" section, under the "System" section.

And for more information on using the DSSIGN%% resource, please refer to the Dispatch System Programmers Guide: Chapter 8 - Signon Security.