The effectiveness of restricted TSOS co-administration depends, among other things, on specific system protection settings made by the security officer (by default SYSPRIV). Because as long as a user under the user ID TSOS can gain access to the system by using other user IDs, it makes no sense to monitor TSOS co-owner accesses.

The security officer must do the following:

• Withdraw user administration rights from the user TSOS
  (USER-ADMINISTRATION privilege).

  This prevents the user TSOS from gaining access to other user IDs.

• Withdraw guard administration rights from the user TSOS
  (GUARD-ADMINISTRATION privilege).

  This prevents the user TSOS from administering any other guards and thus from modifying protection settings in other guards.

There is more information on privilege management in section "Management of privileges".