Previous Topic: Defining SUDO Records (Task Delegation)Next Topic: Managing User Passwords


Checking User Inactivity

The inactivity feature protects the system from unauthorized access through accounts whose owners are away or no longer employed by the organization. An inactive day is a day in which the user does not log in. You can specify the number of inactive days that must pass before the user account is suspended and cannot log in. Once an account is suspended, you must manually reactivate it.

Note: Password changes count as activities, in terms of inactivity checks. If a user's password changes, that user cannot become suspended due to inactivity.

You can set the number of inactive days with the inactive property of a USER class record or a GROUP class record. The latter affects only users that have that group as a profile group. You can also set inactivity for all users systemwide with the INACT property of the SEOS class.

In selang, use the following command to specify inactivity globally:

setoptions inactive (numdays)

To set the number of days for a group (which overrides the systemwide inactive setting for that group), use the following command:

editgrp groupName inactive (numdays)

To set the number of days for a user (which overrides group and systemwide settings for that user), use the following command:

editusr userName inactive (numdays)

To reactivate a suspended user account, use the following command:

editusr userName resume

To reactivate a suspended profile group, use the following command:

editgrp userName resume

To disable inactive login checking at the systemwide level, use the following command:

setoptions inactive‑

To disable inactive login checking for a group, use the following command:

editgrp groupName inactive‑

To disable inactive login checking for a user, use the following command:

editusr userName inactive‑