z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling the use of the RACLINK PWSYNC operand

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

RACLINK commands that specify the PWSYNC operand are subject to a security check to determine if the command issuer is authorized to request password synchronization with user IDs that are on the specified node. Because password synchronization is controlled at a node level, the local node and all target nodes defined to it must have appropriate profiles.

To allow password synchronization to occur with user IDs on a specific node, create a profile in the RRSFDATA class to protect a resource called RACLINK.PWSYNC.node, where node is the node name.

When you issue a request to create an association with password synchronization, you need to have:
  • The authority to issue the RACLINK DEFINE command with PWSYNC specified
  • READ access to the RACLINK.DEFINE.node and RACLINK.PWSYNC.node resources
The request will fail if:
  1. The RRSFDATA class is inactive.
  2. There is no RRSFDATA resource protecting RACLINK.PWSYNC.node for the specified node.
  3. You do not have READ access to the RACLINK.DEFINE.node and RACLINK.PWSYNC.node resources.
Parent topic: Controlling access to the RACLINK command

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014