VM

Tuesday Tip:  VM:Secure can be used to  automatically 'expire' a user ID 

09-30-2014 09:12 AM

VM:Secure does not have a way to automatically remove a user ID. But, with the Rules Facility, an expiration date/time for a user ID can be set so that after the specified date and time the user ID will no longer be able to logon.

For example, a contractor is going to work for 2 months. Create the user ID, then in the SYSTEM RULES file create a rule that states:

ACCEPT GEORGE LOGON EXPIRE 10/15/14.

Rules can be more specific. For instance, a rule could allow GEORGE to only logon on certain days and/or between certain hours.

For other RULES that can be used with expiration dates, review the VM:Secure Rules Facility Guide.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

10-02-2014 12:54 PM

We had a need to automatically get rid of userids that weren't used in 90 days. I use the MANAGER of the id so that I process only human ids (wouldn't want to expire MAINT630 say). Then I wrote a LASTLOG command into VMSECURE that returns the *LA= or *LL= fields for the user on the systems or all systems in the cluster. Last step was to place the idle id on HOLD for 30 days using a process that runs at midnight on the manager of those human ids. If it stays on hold for 30 days, another part of the process REMOVES the id.

09-30-2014 10:11 AM

Couple quick doc links:

Related Entries and Links

No Related Resource entered.