Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Delegating the authority to reset passwords for only selected users z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
You can limit the authority of a general user or group to use the
ALTUSER command (to resume user IDs and reset passwords and password
phrases) by authorizing the user or group to do this for only a selected
set of users. You can limit the selected set of users in the following
ways:
To authorize a general user or group to use the ALTUSER command to perform resume and reset functions for only selected users, define a profile to protect the appropriate IRR.PWRESET.OWNER or IRR.PWRESET.TREE resource in the FACILITY class and authorize users and groups. If you do not define this profile, standard ALTUSER authority checking applies when RACF® determines whether the command issuer is authorized. Restriction: The IRR.PWRESET.OWNER and IRR.PWRESET.TREE authorities do not apply when the target of the ALTUSER command is a protected user or has the SPECIAL, AUDITOR, or OPERATIONS attribute. RACF does not log failed access attempts to IRR.PWRESET resources. Rather, these attempts are logged as ALTUSER command violations. Successful accesses to IRR.PWRESET resources are logged at the installation's discretion. |
Copyright IBM Corporation 1990, 2014
|