Locking Expired Password

Context and operating mode

This Workflow rule is a manual rule (the Workflow is launched either directly or in batch mode).

It triggers :

 a message.

 an action.

This Workflow rule, that runs through the user table to check their characteristics, should be run in batch with a frequency connected with the allocated time (every day if this time is expressed in days).

Triggering criteria

The additional triggering criteria are the following :

• The AUTILIS template (that simply declares the AUTILIS table) is used to run through the user table.
• Nothing should be done (for security reasons) if the record matches the general administrator's (known by the ADMUSR parameter).
• Those passwords that are assigned automatically can be spotted by their date, since the system dates them back to the 1st of January, 1970.
• It should be checked that the maximum of the creation and modification dates, plus two days, is less the the current date, in order to deal with the creation (modification date equal to null) and modification (modification date later than the creation date) cases. In effect it is important to note that any password change updates this date.
• It should be checked that the account is not already locked.

If all these conditions are met, then the password has not been modified since it was assigned.

Containers

The recipient selection is performed as follows :

• The general administrator receives a message when the account locking conditions are met.

Actions triggered by the event

The Workflow event triggers the following action :

This action updates fields of one of the tables on line. Here, it is the AUTILIS table, identified by its abbreviation AUS, and the field in question is the USRCONNECT field (connection authorization), forced to 1 (No).

Tables used

The following tables are impacted by the rule BLKPSW :