ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtoolcustomsec.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Commands for customizing security" />
<meta name="abstract" content="This section describes the commands and menus for security tools." />
<meta name="description" content="This section describes the commands and menus for security tools." />
<meta name="DC.Relation" scheme="URI" content="rzamvtoolsecurity.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="toolcustomsec" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Commands for customizing security</title>
</head>
<body id="toolcustomsec"><a name="toolcustomsec"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Commands for customizing security</h1>
<div><p>This section describes the commands and menus for security tools.</p>
<div class="section"><h4 class="sectiontitle">Commands and menus for security commands</h4> Examples
of how to use the commands are included throughout this information. Two menus
are available for security tools:<ul><li>The SECTOOLS (Security Tools) menu to run commands interactively.</li>
<li>The SECBATCH (Submit or Schedule Security Reports to Batch) menu to run
the report commands in batch. </li>
</ul>
The SECBATCH menu has two parts. The first part of the menu uses the
Submit Job (SBMJOB) command to submit reports for immediate processing in
batch. The second part of the menu uses the Add Job Schedule Entry (ADDJOBSCDE)
command. You use it to schedule security reports to be run regularly at a
specified day and time.</div>
<div class="section"><h4 class="sectiontitle">Security Tools menu options</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Tool commands
for user profiles</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e35">Menu option<sup>1</sup></th>
<th valign="bottom" id="d0e39">Command name</th>
<th valign="bottom" id="d0e41">Description</th>
<th valign="bottom" id="d0e43">Database file used</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e35 ">1</td>
<td valign="top" headers="d0e39 ">ANZDFTPWD</td>
<td valign="top" headers="d0e41 ">Use the Analyze Default Passwords command to report
on and take action on user profiles that have a password equal to the user
profile name.</td>
<td valign="top" headers="d0e43 ">QASECPWD<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 ">2</td>
<td valign="top" headers="d0e39 ">DSPACTPRFL</td>
<td valign="top" headers="d0e41 ">Use the Display Active Profile List command to display
or print the list of user profiles that are exempt from ANZPRFACT processing.</td>
<td valign="top" headers="d0e43 ">QASECIDL<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 ">3</td>
<td valign="top" headers="d0e39 ">CHGACTPRFL</td>
<td valign="top" headers="d0e41 ">Use the Change Active Profile List command to add and
remove user profiles from the exemption list for the ANZPRFACT command. A
user profile that is on the active profile list is permanently active (until
you remove the profile from the list). The ANZPRFACT command does not disable
a profile that is on the active profile list, no matter how long the profile
has been inactive.</td>
<td valign="top" headers="d0e43 ">QASECIDL<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 ">4</td>
<td valign="top" headers="d0e39 ">ANZPRFACT</td>
<td valign="top" headers="d0e41 ">Use the Analyze Profile Activity command to disable
user profiles that have not been used for a specified number of days. After
you use the ANZPRFACT command to specify the number of days, the system runs
the ANZPRFACT job nightly. You can use the CHGACTPRFL command to exempt user
profiles from being disabled.</td>
<td valign="top" headers="d0e43 ">QASECIDL<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 ">5</td>
<td valign="top" headers="d0e39 ">DSPACTSCD</td>
<td valign="top" headers="d0e41 ">Use the Display Profile Activation Schedule command
to display or print information about the schedule for enabling and disabling
specific user profiles. You create the schedule with the CHGACTSCDE command.</td>
<td valign="top" headers="d0e43 ">QASECACT<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 ">6</td>
<td valign="top" headers="d0e39 ">CHGACTSCDE</td>
<td valign="top" headers="d0e41 ">Use the Change Activation Schedule Entry command to
make a user profile available for sign on only at certain times of the day
or week. For each user profile that you schedule, the system creates job schedule
entries for the enable and disable times.</td>
<td valign="top" headers="d0e43 ">QASECACT<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 ">7</td>
<td valign="top" headers="d0e39 ">DSPEXPSCD</td>
<td valign="top" headers="d0e41 ">Use the Display Expiration Schedule command to display
or print the list of user profiles that are scheduled to be disabled or removed
from the system in the future. You use the CHGEXPSCDE command to set up user
profiles to expire.</td>
<td valign="top" headers="d0e43 ">QASECEXP<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 ">8</td>
<td valign="top" headers="d0e39 ">CHGEXPSCDE</td>
<td valign="top" headers="d0e41 ">Use the Change Expiration Schedule Entry command to
schedule a user profile for removal. You can remove it temporarily (by disabling
it) or you can delete it from the system. This command uses a job schedule
entry that runs every day at 00:01 (1 minute after midnight). The job looks
at the QASECEXP file to determine whether any user profiles are set up to
expire on that day. Use the DSPEXPSCD command to display the user profiles
that are scheduled to expire.</td>
<td valign="top" headers="d0e43 ">QASECEXP<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 ">9</td>
<td valign="top" headers="d0e39 ">PRTPRFINT</td>
<td valign="top" headers="d0e41 ">Use the Print Profile Internals command to print a report
containing information on the number of entries contained in a user profile.
The number of entries determines the size of the user profile.</td>
<td valign="top" headers="d0e43 ">&nbsp;</td>
</tr>
<tr><td colspan="4" valign="top" headers="d0e35 d0e39 d0e41 d0e43 "><div class="note"><span class="notetitle">Note:</span> <ol><li>Options are from the SECTOOLS menu.</li>
<li>This file is in the QUSRSYS library.</li>
</ol>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtoolsecurity.htm" title="This information describes how to set up your system to use the security tools that are part of i5/OS.">Configure the system to use security tools</a></div>
</div>
</div>
</body>
</html>