As in a single-system environment, users must be authorized to:
- Attach a transaction (transaction security)
- Access all the resources that the transaction is programmed to use. These
levels are called resource security, surrogate user security, and command security