As a security administrator, you need to control and audit changes that occur to user profiles on your system.
User profiles provide entry to your system. Parameters in the user profile determine a user’s environment and a user’s security characteristics.
You can set up security auditing so that your system writes a record of changes to user profiles. You can use the DSPAUDJRNE command to print a report of those changes. You can create exit programs to evaluate requested actions to user profiles.
The following table shows the exit points that are available for user profile commands.
| User profile command | Exit point name |
|---|---|
| Create User Profile (CRTUSRPRF) | QIBM_QSY_CRT_PROFILE |
| Change User Profile (CHGUSRPRF) | QIBM_QSY_CHG_PROFILE |
| Delete User Profile (DLTUSRPRF) | QIBM_QSY_DLT_PROFILE |
| Restore User Profile (RSTUSRPRF) | QIBM_QSY_RST_PROFILE |
Your exit program can, for example, look for changes that might cause the user to run an unauthorized version of a program. These changes might be assigning either a different job description or a new current library. Your exit program might either notify a message queue or take some action (like changing or disabling the user profile) based on the information that the exit program receives.
The Security Reference book provides more information about the exit programs for user profile actions. See: iSeries Security Reference.