I'm not aware of a way for a general user to be able to reset the PW of privileged users. Maybe someone else does.
But to reset other non-privileged users, take a look at FACILITY(IRR.PASSWORD.RESET)
https://www.ibm.com/docs/en/zos/2.2.0?topic=phrases-delegating-authority-reset-password-any-user

To authorize a general user or group to use the ALTUSER command to resume a revoked user or reset a user's password or password phrase (other than for a protected user or a user with the SPECIAL, OPERATIONS, AUDITOR, or ROAUDIT attribute), define a profile to protect the IRR.PASSWORD.RESET resource in the FACILITY class. If you do not define this profile, standard ALTUSER authority checking applies when RACF® determines whether the command issuer is authorized.

RACF does not log failed access attempts to IRR.PASSWORD.RESET. Rather, these attempts are logged as ALTUSER command violations. Successful accesses to IRR.PASSWORD.RESET are logged at the installation's discretion.

Tom Chicklon

From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Jake Anderson
Sent: Thursday, May 4, 2023 12:59 AM
To: [email protected]
Subject: Password reset delegation

Hello

Cross posted

Is there a RACF profile which can allow a help desk user to reset the password for the user who has special operations attribute?

I don't want to give help desk person a SPECIAL authority but I want to give him password reset authority alone

Jake

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
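
The delegation described in the reply above, written out as an added example (not part of the thread and not IBM's sample): a REXX exec a RACF administrator could run to define the IRR.PASSWORD.RESET profile, permit a help desk group, and list the result. The group name HELPDESK, the READ access level, the AUDIT setting and the assumption that the FACILITY class is RACLISTed are choices made for this example.

```rexx
/* REXX - added example: delegate password reset through               */
/* FACILITY profile IRR.PASSWORD.RESET. Run by a RACF administrator.   */
/* HELPDESK is a hypothetical group name chosen for this example.      */
grp = 'HELPDESK'

/* 1. Define the profile with no default access. AUDIT(SUCCESS(READ))  */
/*    records successful uses; failed attempts are logged as ALTUSER   */
/*    command violations, not against this profile.                    */
cmds.1 = "RDEFINE FACILITY IRR.PASSWORD.RESET UACC(NONE)",
         "AUDIT(SUCCESS(READ))"

/* 2. Permit the help desk group. Members still cannot reset protected */
/*    users or users with SPECIAL, OPERATIONS, AUDITOR or ROAUDIT.     */
cmds.2 = "PERMIT IRR.PASSWORD.RESET CLASS(FACILITY)",
         "ID("grp") ACCESS(READ)"

/* 3. Refresh in-storage profiles (assumes FACILITY is RACLISTed).     */
cmds.3 = "SETROPTS RACLIST(FACILITY) REFRESH"

/* 4. List the profile and its access list to confirm the result.      */
cmds.4 = "RLIST FACILITY IRR.PASSWORD.RESET AUTHUSER"
cmds.0 = 4

do i = 1 to cmds.0
  say '>>>' cmds.i
  address tso cmds.i
  if rc <> 0 then do
    say 'RC='rc 'from step' i', stopping so the setup can be reviewed'
    exit rc
  end
end
exit 0
```

Review the access list shown by the RLIST step periodically: every ID on it can resume or reset any non-privileged user, so it should contain only the help desk group.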
