z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Providing a form of timed PERMIT

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can allow a user to access a protected resource for a limited time by taking the following steps:
  1. Ensure that the only access the user has to the resource is by virtue of the fact that the user is connected to a RACF® group that has the desired access to the resource. (List the appropriate resource profiles to check for the user's user ID, or other groups to which the user is connected, in the access list. Also, list the user's RACF user profile to check for the OPERATIONS or group-OPERATIONS attribute. Depending on the class of the resource, the OPERATIONS attribute might allow the user to access the resource.)
  2. Connect the user to the group with a resume or revoke date. To cause the user's access to stop on a certain date, enter: 
    CONNECT userid GROUP(groupname) REVOKE(date)
    To cause the user's access to start on a certain date, enter: 
    CONNECT userid GROUP(groupname) RESUME(date)
    Attention: If the user's membership in the group allows the user to create profiles, and the user becomes the OWNER of such profiles, the user might still have access to the profiles after the revoke date.
Parent topic: Benefits of using RACF groups

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014