Thank you all who made important and eye opening comments to my inquiry. Thanks again to a great user’s list.
On Thu, Jun 12, 2025 at 6:39 AM Robert S. Hansel <[email protected]> wrote: > Roberto, > > As others have pointed out, Started Task IDs with passwords could be > become revoked due to bad password entry or inactivity. Note that even if > its ID is revoked or the password is expired, a Started Task will still > start. This is a safety feature to prevent accidental or intentional denial > of service. However, if a Started Task with a revoked ID submits a job, the > job will fail due to the ID being revoked. > > Also of concern is that Help Desk staff could reset the password of a > Started Task ID and then log on with the ID to use whatever authority it > has, which is often considerable. RACF authorities that enable Help Desk > staff to reset passwords block them from resetting passwords on PROTECTED > IDs. > > Making Started Task IDs PROTECTED is considered to be a 'best practice" > and is probably a STIG and CIS requirement. The same is generally true for > production batch IDs. > > Regards, Bob > > Robert S. Hansel > Lead RACF Specialist > RSH Consulting, Inc. > 617-969-8211 > www.linkedin.com/in/roberthansel > www.rshconsulting.com > > -----Original Message----- > Date: Wed, 11 Jun 2025 09:05:33 -0400 > From: Roberto Halais <[email protected]> > Subject: STC Userids > > I would like some feedback on what would happen if we assign passwords to > the stcs in our z/OS environment. > At this moment the stcs have no passwords assigned to them. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
