Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
The REVOKE attribute z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
You can prevent a RACF® user from entering the system by assigning the REVOKE attribute on the ALTUSER command. This attribute is useful when you want to prevent a user from entering the system but you cannot use the DELUSER command because the user still owns RACF resource profiles. You can also assign the REVOKE attribute on a group level by using the CONNECT command. If the user has the REVOKE attribute for a group, the user cannot enter the system by connecting to that particular group, or access resources as a member of that group. RACF allows you to specify a future date for a REVOKE to occur (at both the system and the group level). You can also specify a future date to remove the REVOKE attribute by using the RESUME operand on the ALTUSER command. You can clear or delete a user's revoke date by issuing the NOREVOKE
operand of the ALTUSER COMMAND.
Only the owner of a user's profile (or a user who has the SPECIAL attribute) can assign the REVOKE attribute. |
Copyright IBM Corporation 1990, 2014
|