Helpdesk Authority to remove suspends and reset passwords?


Article ID: 45837




Top Secret, Top Secret - LDAP



What authority is necessary for a helpdesk person to be able to remove suspends and reset passwords?





Release: TOPSEC00200-16-Top Secret-Security


When a user is suspended with VTHRESH (suspended due to violations) or PTHRESH (suspended due to too many incorrect password violations), the helpdesk needs to unsuspend them and, in the PTHRESH case, also replace the password.

Helpdesk personnel should be given MISC8(PWMAINT) authority. This limits them to replacing passwords and removing suspends: it allows the use of the PASSWORD keyword on any command, and the SUSPEND keyword on the REMOVE command.


If an administrator deliberately suspends an ACID, which is called ASUSPEND, the helpdesk will not be able to override the administrator's suspend. They would need the MISC8(ASUSPEND) authority to override an administrative (ASUSPEND) suspend.

Do not give helpdesk personnel ACID(MAINTAIN) or MISC1(SUSPEND). These give too much authority.

You do need to make helpdesk personnel SCAs so that they are not limited to ACIDs within their scope. This is not a problem because an SCA doesn't have any special authority by default; all authority has to be granted to them.
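The setup described above as a TSS command sequence. This is an added example, not taken from the original article; the ACIDs HELPD01 and USER01, the name string, and the passwords are placeholders, and the comment lines are annotations rather than part of the commands.

```tso
/* Issued by the MSCA: define the helpdesk person as an SCA so    */
/* their scope is not limited. An SCA starts with no              */
/* administrative authority of its own.                           */
TSS CREATE(HELPD01) TYPE(SCA) NAME('HELPDESK 01') PASSWORD(INITPW1,30,EXP)

/* Grant only the password-maintenance authority.                 */
/* ACID(MAINTAIN) and MISC1(SUSPEND) are deliberately not granted. */
TSS ADMIN(HELPD01) MISC8(PWMAINT)

/* Check what was granted: the administrative authorities listed  */
/* for HELPD01 should show MISC8 = PWMAINT and nothing for ACID   */
/* or MISC1.                                                      */
TSS LIST(HELPD01) DATA(ADMIN)

/* Issued by HELPD01: clear a VTHRESH or PTHRESH suspend.         */
TSS REMOVE(USER01) SUSPEND

/* Issued by HELPD01 after a PTHRESH suspend: set a temporary     */
/* password that is expired, so the user must change it at the    */
/* next signon.                                                   */
TSS REPLACE(USER01) PASSWORD(TEMPPW1,,EXP)
```

With only MISC8(PWMAINT) granted, HELPD01's `TSS REMOVE(USER01) SUSPEND` will not clear a suspend that an administrator set deliberately (ASUSPEND).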