CHGUSRPRF2 -- Change User Profile 2

CHGUSRPRF2 CHANGE USER PROFILE NBR 2 TAASEDH
The Change User Profile Nbr 2 command is designed to be used by Assistant Security Officers that are given limited authority by the Security Officer. The command allows a subset of the parameters of a user profile to be changed. A typical command would be entered as: CHGUSRPRF2 USRPRF(xxxx) The CHGUSRPRF command prompt would appear with the current values displayed (not all parameters need be displayed). To allow a user to use CHGUSRPRF2, the Security Officer must do the following: Grant the user to the authorization list TAACHGPRF2. Specify the parameter names that are valid to be changed in the CHGUSRPRF2 data area in TAASECURE. The CHGUSRPRF2 data area should contain only the names of the parameters that the Assistant Security Officer may change. The data area is maintained with the CONARR tool using the command: EDTCONARR DTAARA(TAASECURE/CHGUSRPRF2) For example, if INLPGM and INLMNU are the only parameters identified in the data area, the CHGUSRPRF command would show only those values as valid to change. An option on the CHGUSRPRF2 command determines whether the other parameters are displayed in a protected mode. The parameters PWD and DOCPWD cannot be specified. The parameters GRPPRF and SUPGRPPRF cannot be changed unless the user is authorized to the group profile. When CHGUSRPRF2 runs, it first ensures that the parameters specified in the data area are valid. The user profile named on CHGUSRPRF2 cannot be QSECOFR or any user profile with one of the special authorities: - ALLOBJ - SECADM - SERVICE In addition, the specific profiles QSRV, QSRVBAS, and TAAJOBCTL may not be changed. If there are other profiles that should be prevented from being changed, they may be specified in the INZPWD data area in TAASECURE with the command: EDTCONARR DTAARA(TAASECURE/INZPWD) This is the same data area used by the INZPWD tool. To provide for an audit trail of the use of the CHGUSRPRF2 command, the following occurs: * If the QAUDJRN journal exists, an entry is sent to it describing the use of CHGUSRPRF2, the profile that was changed, and the user that made the change. The entry type is CP. ** If the QAUDJRN journal does not exist, the same information as described for the journal entry is sent as a message to QHST. CHGUSRPRF2 is an option on the SECOFR2 menu. See the SECOFR2 tool. Use with the TAADPTSEC Authorization List ----------------------------------------- An alternative approach is to allow for multiple assistant security officers who can each manage a set of unique user profiles. This is called a 'Departmental Security Officer'. See the discussion of the TAADPTSEC authorization list in the SECOFR2 tool documentation. Command parameters CMD ------------------ USRPRF The user profile to be changed. It cannot be QSECOFR or a user with ALLOBJ, SECADM, or SERVICE special authority. If any profiles exist in the INZPWD data area in TAASECURE, they are also prevented from being changed. See the INZPWD tool for how to make entries in the INZPWD data area. DSPNONCHG A YES/NO option that defaults to NO. NO means that only the values allowed to be changed will be shown on the CHGUSRPRF prompt. YES means that all the current values will be displayed on the CHGUSRPRF prompt, but only those described in the CHGUSRPRF2 data area in TAASECURE can be changed. Restrictions ------------ The user must be authorized to the TAACHGPRF2 authorization list and the Security Officer must enter the valid parameters to be changed into the CHGUSRPRF2 data area in TAASECURE with EDTCONARR. The parameters GRPPRF and SUPGRPPRF cannot be changed unless the user is authorized to the group profile. Prerequisites ------------- The following TAA Tools must be on your system: CONARR Constant array EDTVAR Edit variable EXPVAL Expand value RTVSPCAUT Retrieve special authority Implementation -------------- The tool is ready to use, but the user must be authorized to the TAACHGPRF2 authorization list and there must be a least one entry in the CHGUSRPRF2 data area in TAASECURE. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CHGUSRPRF2 CMD TAASEDH QATTCMD TAASEDHC PGM CLP TAASEDHC QATTCL The CHGUSRPRF2 DTAARA exists in TAASECURE.

CHGUSRPRF2      CHANGE USER PROFILE NBR 2              TAASEDH


The  Change User  Profile  Nbr 2  command  is designed  to  be used  by
Assistant  Security Officers that  are given  limited authority  by the
Security  Officer.  The command allows a  subset of the parameters of a
user profile to be changed.

A typical command would be entered as:

         CHGUSRPRF2    USRPRF(xxxx)

The CHGUSRPRF  command  prompt would  appear  with the  current  values
displayed (not all parameters need be displayed).

To allow  a user to  use CHGUSRPRF2, the  Security Officer must  do the
following:

  **   Grant the user to the authorization list TAACHGPRF2.

  **   Specify  the parameter  names that  are valid  to be  changed in
       the CHGUSRPRF2 data area in TAASECURE.

The  CHGUSRPRF2  data  area  should  contain  only  the  names  of  the
parameters that  the Assistant Security Officer  may change.   The data
area is maintained with the CONARR tool using the command:

            EDTCONARR    DTAARA(TAASECURE/CHGUSRPRF2)

For  example, if INLPGM and  INLMNU are the  only parameters identified
in the data area,  the CHGUSRPRF command would  show only those  values
as valid  to change.   An option on  the CHGUSRPRF2 command  determines
whether the other parameters are displayed in a protected mode.

The parameters PWD and DOCPWD cannot be specified.

The parameters  GRPPRF and SUPGRPPRF cannot be  changed unless the user
is authorized to the group profile.

When  CHGUSRPRF2 runs, it  first ensures that  the parameters specified
in the data area are valid.

The user  profile named  on CHGUSRPRF2 cannot  be QSECOFR  or any  user
profile with one of the special authorities:

        - *ALLOBJ
        - *SECADM
        - *SERVICE

In addition, the specific profiles QSRV, QSRVBAS, and TAAJOBCTL
may not be changed.

If  there  are other  profiles  that  should  be prevented  from  being
changed,  they may be  specified in the  INZPWD data  area in TAASECURE
with the command:

        EDTCONARR     DTAARA(TAASECURE/INZPWD)

This is the same data area used by the INZPWD tool.

To provide for  an audit trail  of the use  of the CHGUSRPRF2  command,
the following occurs:

  **   If  the  QAUDJRN  journal  exists,  an   entry  is  sent  to  it
       describing  the   use  of  CHGUSRPRF2,  the   profile  that  was
       changed, and the user that made  the change.  The entry type  is
       CP.

  **   If the QAUDJRN journal  does not exist, the same  information as
       described for  the journal entry  is sent as a  message to QHST.

CHGUSRPRF2 is an option on the SECOFR2 menu.  See the SECOFR2 tool.

Use with the TAADPTSEC Authorization List
-----------------------------------------

An  alternative approach  is to  allow for  multiple assistant security
officers who can each  manage a set of  unique user profiles.  This  is
called a  'Departmental Security Officer'.   See the discussion  of the
TAADPTSEC authorization list in the SECOFR2 tool documentation.

Command parameters                                    *CMD
------------------

   USRPRF        The  user  profile  to  be  changed.    It  cannot  be
                 QSECOFR or a user  with *ALLOBJ, *SECADM, or  *SERVICE
                 special  authority.   If  any  profiles exist  in  the
                 INZPWD   data  area   in  TAASECURE,  they   are  also
                 prevented from being changed.

                 See the INZPWD  tool for  how to make  entries in  the
                 INZPWD data area.

   DSPNONCHG     A *YES/*NO  option that  defaults to  *NO.  *NO  means
                 that  only the values  allowed to  be changed  will be
                 shown on the CHGUSRPRF prompt.

                 *YES  means  that  all  the  current  values  will  be
                 displayed  on the  CHGUSRPRF  prompt, but  only  those
                 described  in the  CHGUSRPRF2 data  area in  TAASECURE
                 can be changed.

Restrictions
------------

The  user must be  authorized to the TAACHGPRF2  authorization list and
the Security  Officer must  enter the  valid parameters  to be  changed
into the CHGUSRPRF2 data area in TAASECURE with EDTCONARR.

The parameters GRPPRF  and SUPGRPPRF cannot be changed  unless the user
is authorized to the group profile.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CONARR          Constant array
     EDTVAR          Edit variable
     EXPVAL          Expand value
     RTVSPCAUT       Retrieve special authority

Implementation
--------------

The  tool is  ready to  use, but  the  user must  be authorized  to the
TAACHGPRF2 authorization list and  there must be a  least one entry  in
the CHGUSRPRF2 data area in TAASECURE.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHGUSRPRF2    *CMD                   TAASEDH       QATTCMD
   TAASEDHC      *PGM       CLP         TAASEDHC      QATTCL

The CHGUSRPRF2 *DTAARA exists in TAASECURE.

Added to TAA Productivity tools May 1, 1996

Home Page

Up to Top