z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Steps for delegating the authority to reset the password for any user

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Perform the following steps to authorize a general user or group to use the ALTUSER command to resume a revoked user or reset a user's password or password phrase.
  1. Define a profile to protect the IRR.PASSWORD.RESET resource in the FACILITY class.
    Example:
    RDEFINE FACILITY IRR.PASSWORD.RESET UACC(NONE)
   AUDIT(FAILURES(NONE) SUCCESSES(READ))

    ______________________________________________________________________

  2. Authorize the general users or groups.
    Example:
    PERMIT IRR.PASSWORD.RESET CLASS(FACILITY) ID(HELPDESK USER19) ACCESS(READ)

    See Levels of authority for restrictions and details about authority based on the access level to IRR.PASSWORD.RESET.

    ______________________________________________________________________

  3. Activate the FACILITY class if not already active.
    Example:
    SETROPTS CLASSACT(FACILITY)
    If the FACILITY class is already active and RACLISTed, refresh the FACILITY class profiles.
    SETROPTS RACLIST(FACILITY) REFRESH

    ______________________________________________________________________

You have now authorized a general user or group to use the ALTUSER command to resume the user ID or reset the password or password phrase for any user, excluding protected users and users with the SPECIAL, OPERATION, or AUDITOR attribute.

Parent topic: Delegating the authority to reset the password for any user

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014