Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Delegating help desk authorities for all users, excluding selected users z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
In this scenario, an installation currently delegates the ability to reset passwords and list users to a group called HELPDESK by authorizing READ access to the IRR.PASSWORD.RESET profile and the IRR.LISTUSER profile in the FACILITY class. The installation wants to continue to delegate these abilities to the HELPDESK group but now wants to prevent the passwords of two users from being reset. In other words, users who are members of the HELPDESK group need to be authorized to reset passwords and list user profiles for all users except the group-SPECIAL users SHANNON and ANDREW. The following examples remove the previous authorities from the HELPDESK group and then delegate the authority to reset passwords and list profiles for all users, excluding the two selected users.
|
Copyright IBM Corporation 1990, 2014
|