Only trusted user accounts and the UNVUBR520 user profile should have write permission to the UCMD Server product library (UNVPRD510) and all files within that library.
 
Eligible users of UCMD require read access to the message catalogs in the UNVNLS file.

Eligible users of UCMD require read access to the message catalogs in the $SYSTEM.UNVNLS subvolume.

Eligible users of UCMD require read access to the message catalogs (*.umc files) in the nls subdirectory of the Universal Agent installation directory (/opt/universal by default).

Eligible users of UCMD require read access to the message catalogs (*.umc files) in the nls subdirectory of the .\Universal installation directory. These file permissions are set automatically during the installation.

Only trusted user accounts should have write access to the UCMD Manager installation files. Eligible users of UCMD require read access to the national language support library (SUNVNLS), the configuration file (UNVCONF), and the load library (SUNVLOAD).

The UCMD Manager for z/OS verifies a users access to a RACF general resource profile. The resource profile controls a user's access to execute a command on a remote host with a specific remote user identity.
 
See the z/OS Installation - Configuration of Security for complete details on installing and administering UCMD Manager RACF profiles.

Although you can edit configuration files with any text editor (for example, Notepad), we recommend that you manage configuration options using the Universal Configuration Manager Control Panel application. Only user accounts in the Administrator group can execute the Universal Configuration Manager.