friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvuserprofavail.htm

83 lines
5.0 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Schedule availability of user profiles" />
<meta name="abstract" content="You may want some user profiles to be available for sign-on only at certain times of the day or certain days of the week." />
<meta name="description" content="You may want some user profiles to be available for sign-on only at certain times of the day or certain days of the week." />
<meta name="DC.Relation" scheme="URI" content="rzamvmanagesecinfo.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="userprofavail" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Schedule availability of user profiles</title>
</head>
<body id="userprofavail"><a name="userprofavail"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Schedule availability of user profiles</h1>
<div><p>You may want some user profiles to be available for sign-on only
at certain times of the day or certain days of the week.</p>
<p>For example, if you have a profile set up for a security auditor, you may
want to enable that user profile only during the hours that the auditor is
scheduled to work. You might also want to disable user profiles with *ALLOBJ
special authority (including the QSECOFR user profile) during off-hours. </p>
<p>You can use the Change Activation Schedule Entry (<span class="cmdname">CHGACTSCDE</span>)
command to set up user profiles to be enabled and disabled automatically.
For each user profile that you want to schedule, you create an entry that
defines the user profiles schedule. </p>
<p>For example, if you want the QSECOFR profile to be available only between
7 in the morning and 10 in the evening, you would type the following on the
CHGACTSCDE display:</p>
<div class="example"><div class="fignone"><span class="figcap">Figure 1. Schedule profile activation display—sample</span></div>
<pre class="screen"> Change Activation Scd Entry (CHGACTSCDE)
Type choices, press Enter.
User profile . . . . . . . . . . &gt; QSECOFR Name
Enable time . . . . . . . . . . &gt; '7:00' Time, *NONE
Disable time . . . . . . . . . . &gt; '22:00' Time, *NONE
Days . . . . . . . . . . . . . . &gt; *MON *ALL, *MON, *TUE, *WED...
&gt; *TUE
&gt; *WED
&gt; *THU
+ for more values &gt; *FRI</pre>
</div>
<div class="section"><p>In fact, you might want to have the QSECOFR profile available
only for a very limited number of hours each day. You can use another user
profile with the *SECOFR class to perform most system functions. Thus, you
avoid exposing a well-known user profile to hacking attempts. </p>
<p>You can
use the Display Audit Journal Entries (<span class="cmdname">DSPAUDJRNE</span>) command
periodically to print the CP (Change Profile) audit journal entries. Use these
entries to verify that the system is enabling and disabling user profiles
according to your planned schedule. </p>
<p>Another method for checking to
ensure that user profiles are being disabled on your planned schedule is to
use the Print User Profile (<span class="cmdname">PRTUSRPRF</span>) command. When you
specify *PWDINFO for the report type, the report includes the status of each
selected user profile. If, for example, you regularly disable all user profiles
with *ALLOBJ special authority, you can schedule the following command to
run immediately after the profiles are disabled: <kbd class="userinput">PRTUSRPRF
TYPE(*PWDINFO) SELECT(*SPCAUT) SPCAUT(*ALLOBJ)</kbd></p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmanagesecinfo.htm" title="This article describes the tasks for managing security information.">Manage security information</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink