Enable/Disable AS400 User Profile
I am trying to create a menu option that will allow the helpdesk level1 to only enable or disable user profile?
Software/Hardware used:
Software/Hardware used:
ASKED:
August 1, 2008 4:33 PM
UPDATED:
June 19, 2010 9:01 AM
Answer Wiki:
This is quite a straight forward task, and the easiest way is to create a command and CL program to do the work for you.
For example the following source is for a CHGUSRSTS command:
<pre> CMD PROMPT('Change User Status')
PARM KWD(USERID) TYPE(*NAME) LEN(10) PROMPT('User ID')
PARM KWD(STS) TYPE(*CHAR) LEN(10) RSTD(*YES) +
VALUES(*ENABLED *DISABLED) PROMPT(STATUS) </pre>
Create this in a source member named CHGUSRSTS with a memebr type of CMD and compile using the CRTCMD command. On the compile prompt set the command processing program to be CHGUSRSTS and then create a source member with the same name in QCLSRC with a member type of CLP and enter the following:
<pre> PGM PARM(&USERID &STS)
DCL VAR(&USERID) TYPE(*CHAR) LEN(10)
DCL VAR(&STS) TYPE(*CHAR) LEN(10)
DCL VAR(&MSG) TYPE(*CHAR) LEN(80)
/* First check that the User ID exists */
CHKOBJ OBJ(&USERID) OBJTYPE(*USRPRF)
MONMSG MSGID(CPF9801) EXEC(DO)
CHGVAR VAR(&MSG) VALUE('User profile ' *CAT &USERID +
*TCAT ' does not exist')
GOTO CMDLBL(FINISHED)
ENDDO
MONMSG MSGID(CPF9802) EXEC(DO)
CHGVAR VAR(&MSG) VALUE('Not authorised to user +
profile ' *CAT &USERID)
GOTO CMDLBL(FINISHED)
ENDDO
/* User profile exists and we are authorised to it, so change the status... */
CHGUSRPRF USRPRF(&USERID) STATUS(&STS)
CHGVAR VAR(&MSG) VALUE('User profile ' *CAT &USERID +
*TCAT ' status chanegd to ' *CAT &STS)
/* Send any message and exit... */
FINISHED: SNDPGMMSG MSG(&MSG)
ENDPGM </pre>
When you compile this using the CRTCLPGM command you must compile it while signed on as as user with authority to run the CHGUSRPRF command (i.e. QSECOFR or somebody with *SECADM authority) and you must specify the USRPRF(*OWNER) parameter on the compile command.
On your menu you can add it as ?CHGUSRSTS to force it to be prompted.
Basically the program checks that the user profile exists and then sets the status according to the value entered by the user. Nice and easy. You could expand on it quite easily to allow for changing/resetting passwords, etc.
If you need any help, just shout.
Best regards
Jonathan
From WaltZ400:
Another thing you can do is add a menu option which contains the following command string.
CHGUSRPRF ??USRPRF() ??STATUS()
What this does is selectively prompts on the CHGUSRPRF command and only gives the user the two parameters that shows on the command. All they can do is enter a user profile and a status. Nothing else is maintainable at this point. For more information go to the iSeries Infocenter for your OS release for more more information on selective prompting on iSeries commands.
To see all answers submitted to the Answer Wiki: View Answer History.
Selectively prompting on the CHGUSRPRF as suggested by Waltz400 is a nice clean way to do it, but it is unlikely the Helpdesk Level 1 running the option (as mentioned in the orginal post) would have the authority to run the command. If they did then the question wouldn’t have been asked in the first place.
The solution then would be to wrap the command in a CL program that is owned by QSECOFR (or somebody with *SECADM authority) and to have it run under adoptied authority:
(or somebody with *SECADM authority)
*SECADM is not sufficient. In addition, the profile must *ALLOBJ, or have *CHANGE authority to every profile that might need to be changed at any time in the future.
Tom