Equivalent in TSS of "PROTECTED USER" in RACF
Article ID: 129675
Updated On: 05-03-2019
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
TSS equivalent of "PROTECTED USER" in RACF
Is there an equivalent in TSS to the "PROTECTED USER" in RACF?
You can define a protected user ID by assigning the NOPASSWORD, NOPHRASE, and NOOIDCARD attributes through the ADDUSER or ALTUSER command.
Protected user IDs are protected from being used to logon to the system and from being revoked through inactivity or unsuccessful attempts to access the system using incorrect passwords and password phrases.
The goal is to prevent a Acid (used in STC) to logon to the system in any way.
Is there an equivalent in TSS to the "PROTECTED USER" in RACF?
You can define a protected user ID by assigning the NOPASSWORD, NOPHRASE, and NOOIDCARD attributes through the ADDUSER or ALTUSER command.
Protected user IDs are protected from being used to logon to the system and from being revoked through inactivity or unsuccessful attempts to access the system using incorrect passwords and password phrases.
The goal is to prevent a Acid (used in STC) to logon to the system in any way.
Environment
z/os
Resolution
Currently Top Secret does not have a "Protected User" function as such.
But If these are STC acids then there is an option to have OPTIONS(4) set, which disables password checking when the acid is used as a started task.
Along with OPTIONS(4), giving the STC acid only access to FACILITY(STC), would then either set a non-expiring PASSWORD or PHRASE,
thus preventing logon to any other facility.
But If these are STC acids then there is an option to have OPTIONS(4) set, which disables password checking when the acid is used as a started task.
Along with OPTIONS(4), giving the STC acid only access to FACILITY(STC), would then either set a non-expiring PASSWORD or PHRASE,
thus preventing logon to any other facility.
Feedback
Yes
No
Powered by
