Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Revoking unused user IDs (INACTIVE option) z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
The INACTIVE operand of the SETROPTS command causes RACF® to revoke the user's right to use the system if the user ID has remained unused beyond a specified number of days. RACF revokes the user the next time the user attempts to enter the system. The following example specifies that RACF revoke
a user ID if it is unused for over 30 days:
If
you issue the SETROPTS INACTIVE(30) command and a user has not done
any of the following in 31 days:
When you define a new user ID, the user's last access date is set to the user ID's creation date. If the user ID is not used within the number of days specified by SETROPTS INACTIVE, the user ID will be revoked. When you issue the LISTUSER for a new user ID that has never been used, the last access date will be listed as UNKNOWN. If NOINACTIVE is in effect, RACF does not check the user ID against an unused user ID interval. If NOINITSTATS is in effect, the INACTIVE, REVOKE, HISTORY, and WARNING options cannot be used. |
Copyright IBM Corporation 1990, 2014
|