Jacky Bright wrote: >While auditing RACF reports came across few userids for which the Last access date is older than 300 days but still the userid is Active. SETR INACTIVE 90 has been set. What could be the issue ? Z/OS ver is 1.7.
This is WAD for all versions of z/OS. As documented in Security Server RACF Security Administrator's Guide: If you issue the SETROPTS INACTIVE(30) command and a user has not done any of the following in 31 days: - Logged on - Submitted a job - Changed their password or pass phrase by any method - Attempted an unsuccessful logon - Received a directed command or output from RACF that user is considered revoked. However, the user is not actually revoked and the output of the LISTUSER command does not show that the user is revoked until the user next attempts to log on or submit a job. So your ids should DO something to be REVOKED. You can always revoke them yourself. HTH! Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
