Remove user profiles automatically

Your system should contain only user profiles that are necessary. An unnecessary user profile may provide unauthorized entry to your system. If you no longer need a user profile because the user either has left or has taken a different job within the organization, remove the user profile.

You can use the Change Expiration Schedule Entry (CHGEXPSCDE) command to schedule the removal or disabling of user profiles. If you know that a user is leaving for an extended period, you can schedule the user profile to be removed or disabled.

The first time that you use the CHGEXPSCDE command, it creates a job schedule entry that runs at 1 minute after midnight every day. The job looks at the QASECEXP file to determine whether any user profiles are scheduled for removal on that day.

With the CHGEXPSCDE command, you either disable or delete a user profile. If you choose to delete a user profile, you must specify what the system will do with the objects that the user owns. Before you schedule a user profile for deletion, you need to research the objects that the user owns. For example, if the user owns programs that adopt authority, do you want those programs to adopt the authority of the new owner? Or does the new owner have more authority than necessary (such as special authority)? Perhaps you need to create a new user profile with specific authorities to own the programs that need to adopt authority.

You also need to research whether any application problems will occur if you delete the user profile. For example, do any job descriptions specify the user profile as the default user?

You can use the Display Expiration Schedule (DSPEXPSCD) command to display the list of profiles that are scheduled to be disabled or removed. You can use the Display Authorized Users (DSPAUTUSR) command to list all of the user profiles on your system. Use the Delete User Profile (DLTUSRPRF) command to delete outdated profiles.
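The research and scheduling steps above, as a CL command sequence. This is an added example, not part of the original documentation. The profile names OLDUSER, AWAYUSER and APPOWNER and the dates are constructed placeholders, and the dates assume a job date format of month/day/year.

```cl
/* 1. Research what the departing user owns before scheduling deletion.  */
/*    OLDUSER is a hypothetical profile name.                            */
DSPUSRPRF USRPRF(OLDUSER) TYPE(*OBJOWN)

/* 2. List the programs owned by OLDUSER that adopt authority, so you    */
/*    can decide which profile should own them afterwards.               */
DSPPGMADP USRPRF(OLDUSER)

/* 3. Schedule the profile for deletion and transfer owned objects to    */
/*    APPOWNER, a hypothetical profile created with only the authorities */
/*    the adopting programs need (no unnecessary special authority).     */
CHGEXPSCDE USRPRF(OLDUSER) EXPDATE('12/31/2030') ACTION(*DELETE) +
           OWNOBJOPT(*CHGOWN APPOWNER)

/* 4. For a user who is only away for an extended period, schedule the   */
/*    profile to be disabled instead of deleted.                         */
CHGEXPSCDE USRPRF(AWAYUSER) EXPDATE('06/30/2030') ACTION(*DISABLE)

/* 5. Confirm what is scheduled to be disabled or removed.               */
DSPEXPSCD
```

Review the output of steps 1 and 2 before running step 3, because the ownership transfer also transfers whatever authority the adopting programs run with.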

Security note: You disable a user profile by setting its status to *DISABLED. When you disable a user profile, you make it unavailable for interactive use. You cannot sign on with or change your job to a disabled user profile. Batch jobs can run under a user profile that is disabled.