Equivalent in TSS of "PROTECTED USER" in RACF

book

Article ID: 129675

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

TSS equivalent of "PROTECTED USER" in RACF

Is there an equivalent in TSS to the "PROTECTED USER" in RACF?
You can define a protected user ID by assigning the NOPASSWORD, NOPHRASE, and NOOIDCARD attributes through the ADDUSER or ALTUSER command.
Protected user IDs are protected from being used to logon to the system and from being revoked through inactivity or unsuccessful attempts to access the system using incorrect passwords and password phrases. 
The goal is to prevent a Acid (used in STC) to logon to the system in any way. 

Environment

z/os

Resolution

Currently Top Secret does not have a "Protected User" function as such.
But If these are STC acids then there is an option to have OPTIONS(4) set, which disables password checking when the acid is used as a started task.
Along with OPTIONS(4), giving the STC acid only access to FACILITY(STC), would then either set a non-expiring PASSWORD or PHRASE,
thus preventing logon to any other facility.