Sites may want to allow helpdesk logonids the ability to only RESET logonid or change PASSWORDs without giving them the SECURITY privilege.
Component : CA ACF2 for z/OS
To allow help desk/operations staff to do password RESETs or changes you can give them the ACF2 logonid LEADER privilege and identify what fields in the logonid record that the HELP DESK needs to modify and then change the CFDE entry in the ACFFDR to include LEADER in the ALTER list. You can give HELP DESK personnel the ACF2 loginid LEADER privilege. For example, if you want the HELP DESK to
be able to CHANGE a user's password or RESET the password violation count, the CFDE entries for PASSWORD and PSWD-VIO would need to specify LEADER in the ALTER list. The steps to do this are as follows.
The CFDE for PASSWORD should include LEADER in the ALTER list. To make the change: