Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Protected user IDs z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
The user IDs that you assign to started procedures should have the PROTECTED attribute. Protected user IDs are user IDs that have the NOPASSWORD, NOPHRASE, and NOOIDCARD attributes. They are defined or modified using the ADDUSER and ALTUSER commands. See Defining protected user IDs for more information. Protected user IDs cannot be used to logon to the system, and are
protected from being revoked through incorrect system access attempts.
The following example shows a protected user ID being defined for
a CICS® region, and an existing
user ID used by JES being given the PROTECTED attribute:
If you do not specify NOPASSWORD for a user ID assigned to a started procedure, you should specify a password and change the password periodically. If you do not specify a password and do not specify NOPASSWORD, RACF® uses the default group name as the password. Anyone who knows this user ID and password combination can gain access to any resource that the started procedure can access. See Using protected user IDs for batch jobs for more information. Note: If the associated user ID is revoked for any reason, the started
procedure might have problems allocating new SMS-managed data sets,
submitting batch jobs, and obtaining printed output.
|
Copyright IBM Corporation 1990, 2014
|