Current PSWDMIN set on the ACF2 GSO PSWD is 0:
PSWDMIN = 0 MINIMUM NUMBER OF DAYS TO ELAPSE FOR A PSWD CHANGE
LIDREC for each user is set for MINDAYS(3)
The ID admin team and helpdesk is able to change password for the user within a day. They should not be able to change password before 3 days. Why are they allowed?
Release : 16.0
Component : ACF2 for z/OS
The ACF2 GSO PSWD and LIDREC PSWDMIN/MINDAYS fields are only applicable for the user changing their own password. This is to help prevent users from cycling through their password history. Security administrators can always change the password for other users regardless of this setting. If this wasn't the case, then as an example if someone forgets their new password they wouldn't be able to log into the system until the PSWDMIN days was honored.
Security admins will be unable to change their own passwords. Attempting to do so will result in this message:
ACF00136 NEW PASSWORD NOT SET - CURRENT PASSWORD MUST BE KEPT FOR X DAYS
The only way a password can be reset before the limit specified in PSWDMIN/MINDAYS is for another privileged user to reset it.