I think that's how we allowed group owners to manage their own group and
password change/reset without bothering the RACF ADMIN
but that was many moons ago :(
Carmen
On 1/12/2022 12:33 PM, Wayne Bickerdike wrote:
GROUP SPECIAL may work.
On Wed, Jan 12, 2022, 22:04 Gadi Ben-Avi<[email protected]> wrote:
The user issuing the command also has CONTROL access to IRR.PWRESET.TREE
It seems like it won't work, and I'll have to find a workaround.
Gadi
-----Original Message-----
From: IBM Mainframe Discussion List<[email protected]> On Behalf
Of Attila Fogarasi
Sent: Wednesday, January 12, 2022 12:48 PM
To:[email protected]
Subject: Re: Change password
For completeness, also through Facility IRR.PWRESET.OWNER or
IRR.PWRESET.TREE or by being owner of the user profile, for ordinary
userids.
However userids with some powerful attributes, such as SPECIAL,
OPERATIONS, AUDITOR and PROTECTED cannot be manipulated without having
SPECIAL authority.
On Wed, Jan 12, 2022 at 9:41 PM Itschak Mugzach <
[email protected]> wrote:
Gadi,
allow the user (that enter the command) to facility irr.password.reset
*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS,
zLinux and IBM I **| *
*|* *Email**:[email protected] **|* *Mob**: +972 522 986404
**|*
*Skype**: ItschakMugzach **|* *Web**:www.Securiteam.co.il **|*
On Wed, Jan 12, 2022 at 12:28 PM Gadi Ben-Avi<[email protected]> wrote:
Hi,
I would like to allow a user that does not have the special or group
special attribute to issue the following command succefully:
alu uuuu password(xxxx) resume noexpire revoke ( 01/13/22 )
Is this possible?
Right now the command fails with
ICH408I USER(OP01 ) GROUP(OPER ) NAME(OPER-01 )
PARTIAL VIOLATION ON COMMAND ALTUSER
We are running z/OS v2.4.
Gadi
--------------------------------------------------------------------
-- For IBM-MAIN subscribe / signoff / archive access instructions,
send email [email protected] with the message: INFO
IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send
email [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email
[email protected] with the message: INFO IBM-MAIN
Email secured by Check Point
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email [email protected] with the message: INFO IBM-MAIN
--
/I am not bound to win, but I am bound to be true. I am not bound to
succeed, but I am bound to live by the light that I have. I must stand
with anybody that stands right, and stand with him while he is right,
and part with him when he goes wrong. *Abraham Lincoln*/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
