Monitor user environments

This article discusses using the SECBATCH menu and commands to monitor user environments.

One role of the user profile is to define the environment for the user, including the output queue, the initial menu, and the job description. The user’s environment affects how the user sees the system and, to some extent, what the user is allowed to do. The user must have authority to the objects that are specified in the user profile. However, if your authority scheme is still in progress or is not very restrictive, the user environment that is defined in a user profile may produce results that you do not intend.

Use the following SECBATCH menu options to monitor user environments: 29 to submit the job immediately and 68 to use the job scheduler:

The user’s job description may specify a user profile that has more authority than the user.
The user may have an initial menu that does not have a command line. However, the user’s attention-key-handling program may provide a command line.
The user may be authorized to run confidential reports. However, the user’s output may be directed to an output queue that is available to users who should not see the reports.

You can use the *ENVINFO option of the Print User Profile (PRTUSRPRF) command to help you monitor the environments that are defined for system users. The following figure shows an example of the report:

Figure 1. Print User Profile: User Environment Report

                     User Profile Information 

Report type . . . . . . . . . : *ENVINFO 
Select by . . . . . . . . . . : *USRCLS 
                    Initial Initial   Job           Message  Output   Attention 
User      Current   Menu/   Program/  Description/  Queue/   Queue/   Program/ 
Profile   Library   Library Library   Library       Library  Library  Library 
AUDSECOFR AUDITOR   MAIN    *NONE     QDFTJOBD      QSYSOPR  *WRKSTN  *SYSVAL 
                    *LIBL             QGPL          QSYS 
USERA     *CRTDFT   OEMENU  *NONE     QDFTJOBD      USERA    *WRKSTN  *SYSVAL 
                    *LIBL             QGPL          QUSRSYS 
USERB     *CRTDFT   INVMENU *NONE     QDFTJOBD      USERB    *WRKSTN  *SYSVAL 
                    *LIBL             QGPL          QUSRSYS 
USERC     *CRTDFT   PAYROLL *NONE     QDFTJOBD      USERC    PAYROLL  *SYSVAL 
                    *LIBL             QGPL          QUSRSYS  PRPGMLIB

For more information, see: Monitor security messages.