This topic describes the purpose of user profiles and how to design
them.
A user profile contains security-related information that controls how
the user signs on the system, what the user is allowed to do after signing
on, and how the user’s actions are audited.
Now that you have decided on your overall security strategy and have planned
user groups, you are ready to plan individual user profiles.
Consider the following issues when planning user profiles:
- Naming considerations for user profiles
- Responsibilities assigned to individual users
- Values for each user
Complete these worksheets to plan user profiles:
- Individual user profile worksheet
- System responsibilities worksheet
Refer to these completed worksheets when planning for user profiles:
Naming user profiles
Your user profile name is how
you are identified to the system. You enter your user profile name in the
User ID field of the Sign On display. Any work you do and printer output you
create is associated with your user profile name. Consider these things when
deciding how to name user profiles:
- A user profile name can be up to 10 characters long. Some communications
methods limit the user ID to 8 characters.
- A user profile name may include letters, numbers, and the special characters:
pound (#), dollar ($), underline (_), and the at sign (@). It may not begin
with a number or underline (_).
- The system does not distinguish between uppercase and lowercase letters
in a user profile name. If you enter lowercase alphabetic characters, the
system translates them to uppercase characters.
- The displays and lists you use to manage user profiles show them in alphabetical
order by user profile name.
- All IBM-supplied profiles begin with the letter Q. To keep your profiles
separate from IBM-supplied profiles, avoid assigning user profile names that
begin with the character Q.
Remember: One technique for assigning user profile
names is to use the first 7 characters of the last name followed by the first
character of the first name. This method makes user profile names easy to
remember. Also, your lists and displays are then sequenced alphabetically
by last name.
Roles of the User Profile
The user profile has several
roles on the system:
- It contains security-related information that controls how the user signs
on the system, what the user is allowed to do after signing on, and how the
user’s actions are audited.
- It contains information that is designed to customize the system and adapt
it to the user.
- It is a management and recovery tool for the operating system. The user
profile contains information about the objects owned by the user and all the
private authorities to objects.
- The user profile name identifies the user’s jobs and printer output.
If the QSECURITY system value on your system is 20 or higher,
a user profile must exist before a user can sign on.
Example: Naming Convention Worksheet for User Profile
Table 1. Example: Naming Convention Worksheet: User
Profiles| User Name |
User Profile Name |
|---|
| Anderson, George |
ANDSERSOG |
| Anderson, Roger |
ANDERSOR |
| Jones, Sharon |
JONESS |
| Type of Object |
Naming Convention |
| User profiles |
Use the first 7 characters of the user's
last name, followed by the first character of the user's first name. Descriptions
of the user profile will be last name, first name. |
Describe how you plan to name user profiles on the Naming Conventions
worksheet, then you can determine who should be responsible for system functions
and choose values for each user.
For more information on user profiles,
see "Using the Create User Profile Command" in the iSeries™ Security Reference.