I discovered TSSSIM as an excellent tool to achieve apposite, unharmful security admin.
If critical permissions have to be amended, audit can be activated for the questioned permissions. After a certain time the resulting audit-records can be transformed into TSSSIM-commands (by a self written rexx). These TSSSIM-commands can be executed in batch against the original userid and against a modified simulation-userid to check and verify the desired effect of the security-administration in advance.
Unfortunately there is a limit of 80 bytes for a single TSSSIM-Command in Batch, while TSSSIM-Commands containing for examle $DSN, VOLUME, ACCESS, PRIVPGM can become longer than 80 Bytes.
Therefore I suggest to enhance TSSSIM-Batch,
either that the recordsize and the commands in TSS$$IN can be longer than 80 bytes,
or to provide the possibility to continue the TSSSIM-commands in TSSSIM-Batch in the next line by a continuation-character '-' (similar to the TSS-Command)
added on 6.Nov 2017:
1.) Currently I have currently to do with a resclass, who's MAXPERMIT is far beyond 80 bytes. Therefore I would prefer a longer recordsize in TSS$$IN (and not a continuation-character ...).
2.) This idea has been submitted almost 2 years ago, got 8 votes so far and has still a status of "NEW", which comes down to that CA Technologies did not noticable deal with this idea.
Therefore my solemn appeal to CA Technologies: Maybe it is only little effort to complete TSSSIM-Batch-functionality and to significantly increase usability of this feature.
At least, I'd kindly ask for feedback after nearly two years ....