RACF can give a user greater authority to access resources if that user is signed on at a particular terminal or console. This is called conditional access processing.
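To set this up, add
WHEN(TERMINAL(netname))
or
WHEN(CONSOLE(console-name))
to the PERMIT command.
For example, the following commands give PAYROLL READ access to SALARY in class FCICSFCT, and UPDATE access when signed on at terminal PAY001:
RDEFINE FCICSFCT SALARY UACC(NONE)
PERMIT SALARY CLASS(FCICSFCT) ID(PAYROLL) ACCESS(READ)
PERMIT SALARY CLASS(FCICSFCT) ID(PAYROLL) WHEN(TERMINAL(PAY001)) ACCESS(UPDATE)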
To allow members of the operations group OPS to use the CEMT transaction only from the console named MVS1MAST, issue the following commands:
RDEFINE TCICSTRN CEMT UACC(NONE)
PERMIT CEMT CLASS(TCICSTRN) ID(OPS) WHEN(CONSOLE(MVS1MAST)) AC(READ)
For other considerations on conditional access lists, see the z/OS Security Server RACF Security Administrator's Guide.