This makes great sense, Francis. Another thing you can do is to create the user profile with just enough authority to sign on and run an initial program that says to call IT. Set the password to expired so they have to change it. Then, only after they've verified to the security handlers who they are (and that they've signed on) do you actually grant them authority to do work.

Joe
From: Lapeyre, Francis

We have a Security Office who are the only ones who can create user profiles. New profiles can't be created unless they appear in HR or are on an exception list (IBM-supplied, contractors, and so forth). New profiles are set to *DISABLED, and a new user must call the help desk to have it enabled. They have to verify the last 4 digits of the user's SSN. HD has no access to CHGUSRPRF (except through the program that validates the user through the HR files) or CRTUSRPRF. When a user is terminated, their profile is automatically disabled early the next morning, when we get the update from HR. The HD cannot enable terminated users.
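
The gating rules described in the quoted message, modelled as an added example (not part of either message and not the site's actual program). The HR records, profile names, function names and the handling of exception-list profiles are assumptions made for the sketch.

```python
import hmac
from dataclasses import dataclass

# Constructed sample data; record layout and names are assumptions.
HR = {
    "JSMITH": {"ssn_last4": "4821", "terminated": False},
    "BJONES": {"ssn_last4": "7719", "terminated": True},
}
EXCEPTIONS = {"QVENDOR1"}  # contractors / supplied profiles that are not in HR


@dataclass
class Profile:
    name: str
    status: str = "*DISABLED"  # every new profile starts disabled


def create_profile(name, profiles):
    """Security Office path: refuse anyone not in HR or on the exception list."""
    if name not in HR and name not in EXCEPTIONS:
        raise PermissionError(f"{name}: not in HR or exception list")
    profiles[name] = Profile(name)
    return profiles[name]


def helpdesk_enable(name, claimed_last4, profiles):
    """Help-desk path: the only way HD can enable a profile. Returns (ok, reason)."""
    prof, rec = profiles.get(name), HR.get(name)
    if prof is None or rec is None:
        # Assumption: profiles without an HR record are handled by the Security Office.
        return False, "no HR-backed profile"
    if rec["terminated"]:
        return False, "terminated in HR"
    # Constant-time comparison of the caller-supplied digits with the HR value.
    if not hmac.compare_digest(rec["ssn_last4"].encode(), claimed_last4.encode()):
        return False, "verification failed"
    prof.status = "*ENABLED"
    return True, "enabled"


def nightly_hr_sync(profiles):
    """Disable every enabled profile whose HR record is now terminated."""
    hit = [n for n, p in profiles.items()
           if HR.get(n, {}).get("terminated") and p.status != "*DISABLED"]
    for n in hit:
        profiles[n].status = "*DISABLED"
    return hit
```
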
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.