Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
SIGNOFF (Sign off sessions) z/OS Security Server RACF Command Language Reference SA23-2292-00 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
BackgroundPersistent verification allows users to sign on to a partner LU (logical unit) and have their authority persist. In other words, once a user has signed on, a password is not required for subsequent signon attempts. APPC/MVS invokes RACF to create and maintain a list called the signed-on-from list. If persistent verification is being used, the signed-on-from list consists of the users currently signed on with Persistent Verification authority. PurposeThe RACF SIGNOFF operator command
removes user entries from the signed-on-from list. Entries in the
signed-on-from list are selected by the SIGNOFF command using the
following information:
The SIGNOFF command has operands which correspond to the items above. You can use these operands to select which user entries to remove from the signed-on-from list. To determine which user entries are signed off by issuing a particular SIGNOFF command, issue a DISPLAY command with corresponding selection criteria. Issuing optionsThe following table identifies the eligible options for issuing the SIGNOFF command:
For information on issuing this command as a RACF® operator command, see RACF operator commands. Related commandsUse the DISPLAY operator command to view the signed-on-from list. Authorization requiredYou might require sufficient authority to the proper resource in the OPERCMDS class. For details about OPERCMDS resources, see "Controlling the use of operator commands" in z/OS Security Server RACF Security Administrator's Guide. SyntaxFor the key to the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the SIGNOFF command is:
For information on issuing this command as a RACF operator command, see Rules for entering RACF operator commands. Parameters
The operands listed below allow the operator
to specify the user entries to be signed off. The APPL,
POE and USER operands are
required to uniquely identify a user entry to be signed off. The GROUP operand
is optional and defaults to a group-name consisting
of blanks.
Examples
|
Copyright IBM Corporation 1990, 2014
|