TAA Tools
DSAOLDPRF       DISABLE OLD PROFILE                    TAASEFT

The  Disable Old  Profile  command  optionally disables  user  profiles
that have not  been signed onto recently or not  at all.  Two retention
periods  may  be specified  for: 1)  Profiles that  have not  signed on
recently.  2)  Profiles that  have never signed  on.  Profiles  created
by the  system or  are PASSWORD(*NONE) are  not considered.   DSAOLDPRF
may   be  used  to   minimize  the  exposure  that   profiles  will  be
inappropriately used.

You must have *ALLOBJ authority to use DSAOLDPRF.

See also the DLTOLDUSR tool to delete old profiles.

The default for  DSAOLDPRF ACTION  parameter is *CHECK  meaning that  a
listing  is produced  describing what  the *DISABLE  function would  do
instead of actually disabling any profiles.

A typical command would be:

             DSAOLDPRF     DAYS(60) DAYS2(5)

Several profiles are not considered (never disabled):

  **   User profile names beginning with Q

  **   User profiles with PASSWORD(*NONE)

  **   User profiles already disabled

The  DAYS parameter  controls the retention  period for  those profiles
that have signed on (a 'last signon  date' exists).  The default is  60
days meaning  if the profile has  not been signed  onto in the  last 60
days, it would be disabled by ACTION(*DISABLE).

The DAYS2  parameter controls the  retention period for  those profiles
that  have  never  been signed  onto  (no 'last  signon  date' exists).
This means a  user profile was created,  but the user never  signed on.
The default  is 5 days meaning if  the profile has not  not been signed
onto  since 5  days  after the  create date,  it  would be  disabled by
ACTION(*DISABLE).

A listing is  produced with  one line  for each profile  that would  be
disabled and counts of the the 'bypassed' types.

When you  have reviewed the listing  and want to disable  the profiles,
specify:

             DSAOLDPRF     ACTION(*DISABLE) DAYS(n) DAYS2(n)

To 'enable'  a 'disabled' profile, consider  the ENAUSRPRF TAA command.

DSAOLDPRF escape messages you can monitor for
---------------------------------------------

None.  Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   ACTION        The type of action to perform.

                 *CHECK is the default to  check for what would  occur.
                 The output  listing describes  the user profiles  that
                 would  be disabled.   *CHECK allows  you to  'try out'
                 the  function so  you are  sure you  will be disabling
                 the correct user profiles.

                 *DISABLE  may  be   specified  to  disable  any   user
                 profiles that meet the criteria specified.

   DAYS          The  number  of  days   to  retain  a  profile  in  an
                 'enabled'  state if the profile  has been signed onto.
                 This parameter controls those  profiles where a  'last
                 signon date'  exists meaning  the user  has signed  on
                 at some time.

                 The  default  is  60 meaning  that  any  profiles that
                 have a  'last  signon date'  older  than 60  days  ago
                 would  be disabled  by  ACTION(*DISABLE).   The  value
                 must be in a range of 5 to 5000.

   DAYS2         The  number  of  days   to  retain  a  profile  in  an
                 'enabled'  state if the profile  has never been signed
                 onto.   This parameter  controls those profiles  where
                 there is  no 'last signon  date' because the  user has
                 never signed on.

                 The  default is 5 meaning that  any profiles that were
                 created prior to 5 days  ago and have not been  signed
                 onto  would  be  disabled by  ACTION(*DISABLE).    The
                 value must be in a range of 0 to 5000.

   METHOD        The  method   used  to  disable  old  profiles.    The
                 default method  of *CHGUSRPF  will disable  any  older
                 profile that is  not created by *IBM.   The *DSAUSRPRF
                 method will  use a DSAUSRPRF  command and can  be more
                 selective.   It  will never disable  QSECOFR and other
                 profiles  can  be   protected  as   well.    See   the
                 documentation for  DSAUSRPRF for details on  how to do
                 this.

Restrictions
------------

You must have *ALLOBJ special authority to use DSAUSRPRF.

Prerequisites
-------------

The following TAA Tools must be on your system:

     ADDDAT          Add date
     CHKALLOBJ       Check *ALLOBJ special authority
     EDTVAR          Edit variable
     RSNLSTMSG       Resend last message
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDSTSMSG       Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   DSAOLDPRF     *CMD                   TAASEFT       QATTCMD
   TAASEFTC      *PGM       CLP         TAASEFTC      QATTCL
   TAASEFTR      *PGM       RPG         TAASEFTR      QATTCL
					

Added to TAA Productivity tools October 15, 2003


Home Page Up to Top