On 7 August 2013 12:33, Greg Shirey <[email protected]> wrote:

> Does anyone know of a method to resume a RACF revoked ID without having an 
> SMF record be written?

Sure - just about anything can be done with the RACF macros. But they
require authorization, of course.

> We produce a daily listing of RACF commands from our SMF type 80s (using 
> RACFRW) and we list ADDUSER ADDGROUP ALTUSER ALTGROUP CONNECT DELUSER 
> DELGROUP PASSWORD PERMIT RALTER RDEFINE REMOVE.
>
> We also produce a daily listing of our CICS user IDs and their RACF status.  
> On July 8 we had a user ID on our report that was listed as REVOKED and a 
> LAST-ACCESS date and time of 07/17/07 17:01:28.

What produces this second listing?

> On July 9, the report showed the ID was no longer revoked and the LAST-ACCESS 
> reported as 07/08/13   19:24:14.  However, our SMF report listed no ALTUSER 
> command or any other command against this ID.  (No DELUSER or ADDUSER, for 
> instance).
>
> I dumped the SMF records for both July 7 and July 8 and ran a RACFRW to list 
> all the records and there is no reference to this User ID.

Is it possible that the REVOKED status reported the first time was
actually an indication of some other reason the user would not be able
to log on, e.g. being revoked at the group level or having a revoke
date that has been reached? Do your SMF records show CONNECT command
activity that affects the user? There are doubtless other reasons that
a report might claim a userid to be revoked when the magic "FLAG4" is
not set.

Tony H.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
