On 8/31/2006 3:43 PM, Hal Merritt wrote:
> You may run into RACF issues if you auto revoke IDs after x days. The
> long running task IDs may revoke, and that may or may not cause issues.

You should make sure that the IDs assigned to your started tasks are
PROTECTED (defined as NOPASSWORD), unless you have some odd case where
someone really needs to log on to the ID using TSO or some other
application.
The PROTECTED status will prevent them from revoking from inactivity.
Generally STC IDs can run revoked, but there are (as you mentioned)
cases that can still fail. Making the IDs PROTECTED should resolve
those additional cases, so long as you do not have someone manually
revoking the IDs, and so long as no one needs to log on using a password.

Walt Farrell, CISSP
z/OS Security Design,