Getting NSX953 trying to add user or force password change in Netmaster

Document ID : KB000117871
Last Modified Date : 19/10/2018
Show Technical Document Details
Issue:

The region is set to use SEC=PARTSAF or SEC=NMSAF.
As Netmaster/SOLVE administrator, trying to Force password change for a user through the region results in message

NSX953 USERID: A8N9VZZ REVOKED 

Environment:
All SOLVE / Netmaster products, all releases
Resolution:

Using SEC=NMSAF, password handling is done via external security, (RACF/ACF2/Top Secret).

Individual users can change their passwords through Netmaster if the change password option is activated in the SXCTL member, see KB000023925.

It is not possible to reset another user's password through Netmaster.
When the SAF call goes out to RACF, it includes the requesting userid but there is no information included regarding the status of that userid as secuirity Admin or not. So to external security it appears that an unauthorized 3rd party is attempting to force a password change, which is not allowed. The return code is the same as what is normally used for revoked passwords, even though that is not the case in this instance, so the text does not reflect the actual result.

The solution is to handle forced password changes/resets directly in the external security product.