You can allow a user to access a protected resource for a limited
time by taking the following steps:
- Ensure that the only access the user has to the resource is by
virtue of the fact that the user is connected to a RACF® group that has the desired access to the
resource. (List the appropriate resource profiles to check for the
user's user ID, or other groups to which the user is connected, in
the access list. Also, list the user's RACF user
profile to check for the OPERATIONS or group-OPERATIONS attribute.
Depending on the class of the resource, the OPERATIONS attribute might
allow the user to access the resource.)
- Connect the user to the group with a resume or revoke date. To
cause the user's access to stop on a certain date, enter:
CONNECT userid GROUP(groupname) REVOKE(date)
To
cause the user's access to start on a certain date, enter:
CONNECT userid GROUP(groupname) RESUME(date)
Attention: If the user's membership in the group
allows the user to create profiles, and the user becomes the OWNER
of such profiles, the user might still have access to the profiles
after the revoke date.