<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Remove user profiles automatically" />
<meta name="abstract" content="Your system should contain only user profiles that are necessary. An unnecessary user profile may provide unauthorized entry to your system. If you no longer need a user profile because the user either has left or has taken a different job within the organization, remove the user profile." />
<meta name="description" content="Your system should contain only user profiles that are necessary. An unnecessary user profile may provide unauthorized entry to your system. If you no longer need a user profile because the user either has left or has taken a different job within the organization, remove the user profile." />
<meta name="DC.Relation" scheme="URI" content="rzamvremoveuser.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="userprofremove" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Remove user profiles automatically</title>
</head>
<body id="userprofremove"><a name="userprofremove"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Remove user profiles automatically</h1>
<div><p>Your system should contain only user profiles that are necessary.
An unnecessary user profile may provide unauthorized entry to your system.
If you no longer need a user profile because the user either has left or has
taken a different job within the organization, remove the user profile.</p>
<p>You can use the Change Expiration Schedule Entry (<span class="cmdname">CHGEXPSCDE</span>)
command to manage the removal or disabling of user profiles. If you know
that a user is leaving for an extended period, you can schedule the user profile
to be removed or disabled.</p>
<p>The first time that you use the <span class="cmdname">CHGEXPSCDE</span> command,
it creates a job schedule entry that runs at 1 minute after midnight every
day. The job looks at the QASECEXP file to determine whether any user profiles
are scheduled for removal on that day.</p>
<p>With the <span class="cmdname">CHGEXPSCDE</span> command, you either disable or delete
a user profile. If you choose to delete a user profile, you must specify what
the system will do with the objects that the user owns. Before you schedule
a user profile for deletion, you need to research the objects that the user
owns. For example, if the user owns programs that adopt authority, do you
want those programs to adopt the authority of the new owner? Or does the new
owner have more authority than necessary (such as special authority)? You may
need to create a new user profile with specific authorities to own the
programs that need to adopt authority.</p>
<p>You also need to research whether any application problems will occur if
you delete the user profile. For example, do any job descriptions specify
the user profile as the default user?</p>
<p>You can use the Display Expiration Schedule (<span class="cmdname">DSPEXPSCD</span>)
command to display the list of profiles that are scheduled to be disabled
or removed. You can use the Display Authorized Users (<span class="cmdname">DSPAUTUSR</span>) command to
list all of the user profiles on your system. Use the Delete User Profile
(<span class="cmdname">DLTUSRPRF</span>) command to delete outdated profiles.</p>
<div class="note"><span class="notetitle">Security note:</span> You <u>disable</u> a user profile
by setting its status to *DISABLED. When you disable a user profile, you make
it unavailable for interactive use. You cannot sign on with or change your
job to a disabled user profile. Batch jobs can run under a user profile that
is disabled.</div>
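<p>An added example, not part of the original IBM topic, that walks the research, schedule and verify steps described above as CL commands. The profile names JSMITH and APPOWNER and the dates are hypothetical, and the date literal assumes the job's date format is MDY.</p>

```cl
/* Added example. JSMITH (departing user), APPOWNER (replacement    */
/* owner) and the dates are hypothetical placeholders.               */

/* 1. Research what the profile owns before scheduling a deletion.   */
WRKOBJOWN  USRPRF(JSMITH)
DSPUSRPRF  USRPRF(JSMITH) TYPE(*OBJOWN) OUTPUT(*PRINT)

/* 2. List the programs that adopt JSMITH's authority. Whoever       */
/*    receives ownership becomes the authority these programs adopt. */
DSPPGMADP  USRPRF(JSMITH) OUTPUT(*PRINT)

/* 3. Create a dedicated owner with no password and no special       */
/*    authority instead of handing the objects to a powerful user.   */
/*    Grant it only the specific authorities the programs need.      */
CRTUSRPRF  USRPRF(APPOWNER) PASSWORD(*NONE) SPCAUT(*NONE) +
             TEXT('Owner for programs that adopt authority')

/* 4a. Extended leave: disable the profile on the scheduled date.    */
/*     Batch jobs can still run under a disabled profile.            */
CHGEXPSCDE USRPRF(JSMITH) EXPDATE('06/30/2006') ACTION(*DISABLE)

/* 4b. Alternative to 4a, for a departure: delete the profile and    */
/*     transfer the objects it owns to APPOWNER.                     */
CHGEXPSCDE USRPRF(JSMITH) EXPDATE('06/30/2006') ACTION(*DELETE) +
             OWNOBJOPT(*CHGOWN APPOWNER) PGPOPT(*NOCHG)

/* 5. Confirm what is scheduled to be disabled or removed.           */
DSPEXPSCD

/* 6. Plans changed: take the profile off the expiration schedule.   */
CHGEXPSCDE USRPRF(JSMITH) EXPDATE(*NONE)

/* 7. Review all profiles, then delete an outdated one immediately.  */
DSPAUTUSR  SEQ(*USRPRF)
DLTUSRPRF  USRPRF(JSMITH) OWNOBJOPT(*CHGOWN APPOWNER)
```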
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvremoveuser.htm" title="This article describes how to remove a user from the system, explains why it is important, and provides step-by-step instructions.">Remove a user from the system</a></div>
</div>
</div>
</body>
</html>