On Wed, 7 Aug 2013 11:33:24 -0500, Greg Shirey <wgshi...@benekeith.com> wrote:

>Does anyone know of a method to resume a RACF revoked ID without having an SMF 
>record be written?  

An APF-authorized program can use ICHEINTY or RACROUTE 
REQUEST=EXTRACT,TYPE=REPLACE to resume a user ID, and neither will cut an SMF 
record.

>...snipped...
>We also produce a daily listing of our CICS user IDs and their RACF status.
>On July 8 we had a user ID on our report that was listed as REVOKED and a
>LAST-ACCESS date and time of 07/17/07 17:01:28.

It had not been used in 6 years? Or was there a typo in there?


>On July 9, the report showed the ID was no longer revoked and the LAST-ACCESS
>reported as 07/08/13 19:24:14.
>However, our SMF report listed no ALTUSER command or any other command against
>this ID. (No DELUSER or ADDUSER, for instance).

In theory the user ID could have been defined with a resume date of July 8, 
2013, and if the user tried to logon on or after that date it would 
automatically become resumed. You would have whatever logon auditing you 
normally have, but no command records.

-- 
Walt

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
