This might be a case of using the RACF VTAMAPPL class and only granting access to your helpdesk folks to the TSO APPL's and not the CICS Appls. You'd get more expert advice from the RACF-L if you wanted
Jerry Whitteridge jerry.whitteri...@albertsons.com Manager Mainframe Systems & HP Non-Stop Albertsons Companies -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of McCabe, Ron Sent: Monday, July 27, 2020 1:32 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: EXTERNAL EMAIL: Keeping TSO users our of CICS Hello IBM Listers, Got an interesting problem that I would like to know how we can avoid. Our Help Desk users TSO accounts have the SPECIAL ATTRIBUTE so they can reset passwords and define new users. These TSO accounts are not defined to CICS but every once in awhile one of them will try to login to CICS using their TSO account and after messing up their password 3 times the system puts out an ICH302D message asking if we want to REVOKE them or let them try again (we REVOKE), this message waits for a reply and while it is waiting CICS hangs until a reply is given. We thought about defining their TSO accounts to CICS but that does not help if they actually do mess up their password. We thought we could do it with RACF but RACF doesn't check any authorization until "after" the user successfully signs on so we would still get the ICH302D message. Does anyone else run into this problem? Is there a way we can get around this problem? We thought about having MSGTABLE do an automated response but there could be times when we don't want to have the user REVOKED. Thanks, Ron McCabe Manager of Mainframe/Midrange Systems Mutual of Enumclaw Confidentiality Notice: This e- mail and all attachments may contain CONFIDENTIAL information and are meant solely for the intended recipient. It may contain controlled, privileged, or proprietary information that is protected under applicable law and shall not be disclosed to any unauthorized third party. If you are not the intended recipient, you are hereby notified that any unauthorized review, action, disclosure, distribution, or reproduction of any information contained in this e- mail and any attachments is strictly PROHIBITED. If you received this e- mail in error, please reply to the sender immediately stating that this transmission was misdirected, and delete or destroy all electronic and paper copies of this e-mail and attachments without disclosing the contents. This e- mail does not grant or assign rights of ownership in the proprietary subject matter herein, nor shall it be construed as a joint venture, partnership, teaming agreement, or any other formal business relationship. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ________________________________ Warning: All e-mail sent to this address will be received by the corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain proprietary information and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
