Lock access to system for user
Component: | SRPMNUC |
Functional area: | User management |
Domain: | USER-ADMINISTRATION |
Privileges: | STD-PROCESSING |
Routing code: | $ |
Function
This command can be used to prevent a user from accessing the system. The access lock for the user is entered in the user catalog of the specified pubset.
If this declaration is made for the home pubset in which logon validation is performed, the user is also denied access to the system.
This temporary access lock can be canceled with the UNLOCK-USER command.
If the definition applies to a data pubset, the access lock is filed there and evaluated only in the event that this pubset assumes the role of the home pubset.
The LOCK-USER command is not permitted
for the user ID TSOS
for the ID of the user issuing the command
Restriction
The only nonprivileged users (STD-PROCESSING privilege) authorized to issue this command are those designated as group administrators. The actions a group administrator can take are defined by the system support personnel. On setting up and managing user groups see the “SECOS” manual [35].
Format
LOCK-USER |
USER-IDENTIFICATION = <name 1..8> ,PUBSET = *HOME / <cat-id 1..4> |
Operands
USER-IDENTIFICATION = <name 1..8>
Identifies the user whose access is to be locked.
PUBSET = *HOME / <cat-id 1..4>
Enters the access lock for the user in the user catalog of the specified pubset.
PUBSET = *HOME
Specifies the user catalog of the home pubset, thus denying the user access to the system. Logon attempts by the user are rejected with a message.
Return codes
(SC2) | SC1 | Maincode | Meaning |
|---|---|---|---|
0 | CMD0001 | No error | |
2 | 0 | SRM6001 | Command executed with a warning |
1 | SRM6010 | Syntax error | |
32 | SRM6020 | System error during command processing | |
64 | SRM6040 | Semantic error | |
130 | SRM6030 | Command temporarily cannot be executed |
Example
/lock-user cognibs3
% SRM2201 DO YOU WANT TO LOCK USER ID 'COGNIbBS3' ON PUBSET '1OSH' ? REPLY (Y=YES; N=NO)? y
/show-user-attr cognibs3
%SHOW-USER-ATTRIBUTES --- PUBSET TK82 - USER COGNIBS3 2017-01-29 15:09:50 %------------------------------------------------------------------------------ %USER-ID COGNIBS3 PUBLIC-SPACE-USED 0 %GROUP-ID *UNIVERSAL PUBLIC-SPACE-LIMIT 20000 %DEFAULT-PUBSET TK82 PUBLIC-SPACE-EXCESS *NO %MAX-ACCOUNT-RECORDS 100 TEMP-SPACE-USED 0 %DEFAULT-MSG-LANGUAGE TEMP-SPACE-LIMIT 2147483647 % FILES 0 %PROTECTION-ATTRIBUTES... FILE-NUMBER-LIMIT 16777215 %LOGON-PASSWORD *YES JOB-VARIABLES 0 %PASSWORD-MGMT *USER-CHANGE-ONLY JV-NUMBER-LIMIT 16777215 %TAPE-ACCESS *READ RESIDENT-PAGES 32767 %FILE-AUDIT *NO ADDRESS-SPACE-LIMIT 16 % DMS-TUNING-RESOURCES *NONE %TEST-OPTIONS... CSTMP-MACRO-ALLOWED *NO %READ-PRIVILEGE 1 CODED-CHARACTER-SET EDF03IRV %WRITE-PRIVILEGE 1 PHYSICAL-ALLOCATION *NO %MODIFICATION *CONTROLLED USER-LOCKED *YES % CRYPTO-SESSION-USED 0 %AUDIT... CRYPTO-SESSION-LIMIT 128 %HARDWARE-AUDIT *ALLOWED NET-STORAGE-USAGE *ALLOWED %LINKAGE-AUDIT *ALLOWED NET-CODED-CHAR-SET *ISO % %PROFILE-ID *NONE %MAIL-ADDRESS Abteilung Z8 Raum 55.105 %EMAIL-ADDRESS alfred.holli@incognito.de, % joachim.vogi@incognito.de, % (jk)johannes.kuli@incognito.de, % (mr)mathias.reh@incognito.de % %+---------+-----------+---------+--------+------------+-------+------+------+ %!ACCOUNT-#! CPU-LIMIT !SPOOLOUT-!MAX-RUN-!MAX-ALLOWED-!NO-CPU-!START-!INHIB-! %! ! ! CLASS !PRIORITY! CATEGORY ! LIMIT ! IMMED! DEACT! %+---------+-----------+---------+--------+------------+-------+------+------+ %! ACC00015! 10000! 0 ! 255 ! STD ! NO ! YES ! NO ! %+---------+-----------+---------+--------+------------+-------+------+------+ %DEFAULT-ACCOUNT-# FOR LOGON: *NONE %DEFAULT-ACCOUNT-# FOR REMOTE-LOGIN: *NONE % %DEFAULT-JOB-CLASS FOR BATCH-JOBS: JCBSTD %DEFAULT-JOB-CLASS FOR DIALOG-JOBS: JCDSTD %LIST OF JOB-CLASSES ALLOWED: %JCBATCHF JCBSTD JCB00050 JCB00200 JCB02000 JCB05000 JCB32000 JCDSTD %------------------------------------------------------------------------------ %SHOW-USER-ATTRIBUTES END OF DISPLAY FOR USER COGNIBS3 ON PUBSET TK82 /
User ID COGNIBS3 is temporarily barred from accessing the system. This is indicated by the value *YES in the USER-LOCKED output field of the user entry displayed by the SHOW-USER-ATTRIBUTES command.