z/OS Security Server RACF Security Administrator's Guide


Delegating help desk authorities by group tree

SA23-2289-00

The following examples delegate help desk authorities based on the scope of a group tree.

  • User USERH needs the ability to reset passwords and password phrases, and to resume user IDs, for users who are within the scope of group GROUP1.
    Example:
    RDEFINE FACILITY IRR.PWRESET.TREE.GROUP1 UACC(NONE) 
       AUDIT(FAILURES(NONE) SUCCESSES(READ))
    PERMIT IRR.PWRESET.TREE.GROUP1 CLASS(FACILITY) ACCESS(READ) ID(USERH)
    
    SETROPTS CLASSACT(FACILITY)
       or, if the FACILITY class is already active and RACLISTed:
       SETROPTS RACLIST(FACILITY) REFRESH
  • The users connected to group HLPDESK8 need the ability to reset passwords and password phrases, and to resume user IDs, for users who are within the scope of group GROUP1. The following commands also prevent the password of a group-SPECIAL user called USER1 from being reset.
    Example:
    RDEFINE FACILITY IRR.PWRESET.TREE.GROUP1 UACC(NONE) 
       AUDIT(FAILURES(NONE) SUCCESSES(READ))
    PERMIT IRR.PWRESET.TREE.GROUP1 CLASS(FACILITY) ACCESS(READ) ID(HLPDESK8)
    RDEFINE FACILITY IRR.PWRESET.EXCLUDE.USER1 UACC(NONE)
    
    SETROPTS CLASSACT(FACILITY)
       or, if the FACILITY class is already active and RACLISTed:
       SETROPTS RACLIST(FACILITY) REFRESH
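
A pre-run check for a command script that sets up this delegation, as an added example that is not part of the IBM guide: it flags IRR.PWRESET.* profiles defined without UACC(NONE), PERMITs that omit CLASS(FACILITY) (PERMIT otherwise targets the DATASET class) or grant something other than the READ access used above, and changes not followed by a SETROPTS activation or refresh. The function names and the sample script are constructed for illustration.

```python
import re

# Constructed sample: the page's second example with two deliberate mistakes
# (UACC(READ) on the TREE profile, and no SETROPTS after the changes).
SAMPLE = """\
RDEFINE FACILITY IRR.PWRESET.TREE.GROUP1 UACC(READ)
   AUDIT(FAILURES(NONE) SUCCESSES(READ))
PERMIT IRR.PWRESET.TREE.GROUP1 CLASS(FACILITY) ACCESS(READ) ID(HLPDESK8)
RDEFINE FACILITY IRR.PWRESET.EXCLUDE.USER1 UACC(NONE)
"""

def join_commands(text):
    """Fold indented continuation lines (the page's layout) into one command."""
    cmds = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and cmds:
            cmds[-1] += " " + line.strip()
        else:
            cmds.append(line.strip())
    return cmds

def review(text):
    """Return findings for commands that touch IRR.PWRESET.* profiles."""
    findings, pending = [], False
    for cmd in join_commands(text):
        up = cmd.upper()
        verb = up.split()[0]
        prof = re.search(r"IRR\.PWRESET\.[A-Z0-9.#@$*%]+", up)
        if verb in ("RDEFINE", "RDEF") and prof:
            pending = True
            if not re.search(r"UACC\(\s*NONE\s*\)", up):
                findings.append(f"{prof.group()}: UACC(NONE) not specified")
        elif verb in ("PERMIT", "PE") and prof:
            pending = True
            if not re.search(r"CLASS\(\s*FACILITY\s*\)", up):
                findings.append(f"{prof.group()}: PERMIT lacks CLASS(FACILITY)")
            if not re.search(r"ACCESS\(\s*READ\s*\)", up):
                findings.append(f"{prof.group()}: access is not READ")
        elif verb in ("SETROPTS", "SETR") and "FACILITY" in up:
            if "CLASSACT" in up or ("RACLIST" in up and "REFRESH" in up):
                pending = False
    if pending:
        findings.append("no SETROPTS CLASSACT or RACLIST REFRESH for FACILITY after last change")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```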





Copyright IBM Corporation 1990, 2014