All entries made at a console are initially routed to UCON, the central console task of the system. If it is a command being entered, UCON must first carry out the authorization check linked to the routing code of the command. Only when this is done may the command be passed to the relevant command server.
As the routing code of a command (and, in the case of special operator commands, also the command server) is, however, not part of the SDF syntax file, UCON must keep a separate command table in which the required information is held. Commands not contained in the UCON command table cannot be executed at consoles. Special operator commands must therefore be the first entries in these tables.
Static entries
One option for entering special operator commands into the UCON command table is the parameter service instruction ADD-CMD-ENTRY (see "ADD-CMD-ENTRY statement"). The entries generated in this way are static, i.e. they are retained for the entire duration of the session. This means that only a $CONSOLE application with a (statically) generated authorization name can be specified as the relevant command server (if the specified authorization name is not yet known, it is automatically generated). In addition, there are no facilities here for declaring the command as manageable.
If a special operator command is to be executed in manageable form or is to be executed by a $CONSOLE application with dynamic authorization names, the entry in the command table must be made dynamically with the aid of the CONNECT-CMD-SERVER command.
Dynamic entries
A $CONSOLE application that is to act as a server for a special operator command can log itself on to UCON as a command server dynamically with the CONNECT-CMD-SERVER command. UCON then automatically creates a corresponding entry in the command table.
It should be noted that up to four entries in the command table are permitted for each command. CONNECT-CMD-SERVER can also be executed for commands which have already been entered (also system commands), in which case not all attributes of the command can be changed; see command description. The new entry then “overlays” the old one, and the commands are henceforth delivered to the $CONSOLE application that possesses the latest entry. Which entries exist can be displayed using the SHOW-CMD-ATTRIBUTES command.
A dynamic entry in the UCON command table is automatically removed if the connection between $CONSOLE and the relevant command server is cleared. The application can also delete it explicitly by means of the DISCONNECT-CMD-SERVER command.
If the entry removed was the only one for this command, the command is no longer recognized. If there are other entries, the latest of the entries still existing becomes (or remains) effective; the commands are delivered to the owner of this entry.
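The overlay and fallback behaviour described above, modelled in Python as an added example (not BS2000 code and not part of the original manual). The command and application names are constructed; rejecting a fifth entry with an error and counting static entries toward the limit of four are assumptions, since the text states only the limit.

```python
# Added illustration: a toy model of the UCON command table, not BS2000 code.
MAX_ENTRIES = 4  # the page allows up to four entries per command


class CommandTable:
    def __init__(self):
        # command name -> list of (server, is_static), oldest entry first
        self._entries = {}

    def _add(self, command, server, is_static):
        stack = self._entries.setdefault(command, [])
        if len(stack) >= MAX_ENTRIES:
            # Assumption: the page does not say how a fifth entry is refused.
            raise ValueError(f"{command}: {MAX_ENTRIES} entries already exist")
        stack.append((server, is_static))

    def add_static(self, command, server):
        """Model of ADD-CMD-ENTRY: kept for the whole session."""
        self._add(command, server, True)

    def connect(self, command, server):
        """Model of CONNECT-CMD-SERVER: the new entry overlays older ones."""
        self._add(command, server, False)

    def disconnect(self, command, server):
        """Model of DISCONNECT-CMD-SERVER or of a cleared connection."""
        stack = self._entries.get(command, [])
        stack[:] = [e for e in stack if e != (server, False)]
        if not stack:
            self._entries.pop(command, None)

    def effective_server(self, command):
        """Owner of the latest entry, or None if the command is unknown."""
        stack = self._entries.get(command)
        return stack[-1][0] if stack else None


def demo():
    """Constructed scenario: XCMD, APPA, APPB, APPC are made-up names."""
    table = CommandTable()
    table.add_static("XCMD", "APPA")
    table.connect("XCMD", "APPB")
    table.connect("XCMD", "APPC")
    trace = [table.effective_server("XCMD")]      # latest entry wins
    table.disconnect("XCMD", "APPC")
    trace.append(table.effective_server("XCMD"))  # falls back to APPB
    table.disconnect("XCMD", "APPB")
    trace.append(table.effective_server("XCMD"))  # static entry remains
    return trace
```

Because the latest entry always receives the command, reviewing the entries shown by SHOW-CMD-ATTRIBUTES after any CONNECT-CMD-SERVER is the way to confirm which application is currently the effective server.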
Definition in the syntax file
SDF-A permits the creation of syntax file entries for special operator commands (statement ADD-CMD <name>, IMPLEMENTOR=*APPLICATION). Such a syntax file entry is necessary if the command contains passwords that are not to be logged in the CONSLOG. Such commands are entered into the UCON command table with PASSWORD-POSSIBLE=*YES. The CLOG task then calls SDF before logging to CONSLOG and removes all operands identified as “secret” (SDF-A: ADD-OPERAND <name>, SECRET-PROMPT=*YES). If there is no syntax entry, the command is logged unchanged in plaintext.
In addition, special operator commands for which there is a syntax file entry can be used not only at consoles, but in all user tasks with the appropriate authorization in accordance with the command privileges entered in the syntax file. An authorization check on the basis of the routing code is not made on entry in a user task.
If a special operator command is to be made available to a particular user group by entry into the system syntax file, the following point must be noted:
The syntax file entry does not replace the entry in the UCON command table. Commands which are entered in the system syntax file but not in the UCON command table are rejected with message NBR0744. The same procedure applies for additional alias names of a known command which are, however, unknown to UCON.
The OPERATING privilege can be assigned to any user IDs. This allows them to use almost all so-called operator commands.