The user issuing the command also has CONTROL access to IRR.PWRESET.TREE It seems like it won't work, and I'll have to find a workaround.
Gadi -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Attila Fogarasi Sent: Wednesday, January 12, 2022 12:48 PM To: [email protected] Subject: Re: Change password For completeness, also through Facility IRR.PWRESET.OWNER or IRR.PWRESET.TREE or by being owner of the user profile, for ordinary userids. However userids with some powerful attributes, such as SPECIAL, OPERATIONS, AUDITOR and PROTECTED cannot be manipulated without having SPECIAL authority. On Wed, Jan 12, 2022 at 9:41 PM Itschak Mugzach < [email protected]> wrote: > Gadi, > > allow the user (that enter the command) to facility irr.password.reset > > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere > Platform* *|* *Information Security Continuous Monitoring for Z/OS, > zLinux and IBM I **| * > > *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 > **|* > *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* > > > > > > On Wed, Jan 12, 2022 at 12:28 PM Gadi Ben-Avi <[email protected]> wrote: > > > Hi, > > I would like to allow a user that does not have the special or group > > special attribute to issue the following command succefully: > > alu uuuu password(xxxx) resume noexpire revoke ( 01/13/22 ) > > > > Is this possible? > > Right now the command fails with > > ICH408I USER(OP01 ) GROUP(OPER ) NAME(OPER-01 ) > > PARTIAL VIOLATION ON COMMAND ALTUSER > > > > > > We are running z/OS v2.4. > > > > Gadi > > > > -------------------------------------------------------------------- > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO > > IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN Email secured by Check Point ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
