Previous Topic: Logon ChecksNext Topic: Disabling Concurrent Logins


Defining Time and Day Login Rules

Information security is most vulnerable in times of low activity. Late hours of the night and weekends are ideal times for breaking in, because fewer people are available to monitor the audit records. Setting up appropriate terminal authority rules forces an intruder to use a terminal that is in a protected location. Setting up days‑of‑week (DOW) and time‑of‑day (TOD) access rules forces the intruder to attempt break‑ins during work hours when offices are open and active. This combination severely restricts break‑ins.

Limiting the days and hours in which a user can log in is done on a user‑by‑user basis. To define the DOW and TOD login restrictions for a user, use the following command:

chusr USR1 restrictions(days(Mon,Tue,Wed)time(800:1700))

This command permits user USR1 to log in only between 8:00 and 17:00 on Mondays, Tuesdays, and Wednesdays. USR1 cannot log in outside the specified time on the specified days, or on days other than those specified.

The days parameter also accepts the values ANYDAY (allow logins on all seven days of the week) and WEEKDAYS (allow logins Monday through Friday). The time parameter also accepts the value ANYTIME (allow logins at any time of the day).

Note: You can apply the DOW and TOD restrictions to many resources defined in the database. This feature is particularly useful for giving terminals and terminal groups limited periods of usability.