RATE THIS ANSWER
0
Click to Vote:
- 0
0
You might also want to look at what objects are secured by the group profile. A group profile is just a user profile that is used for grouping access to objects. If you are going to use the group profile as an individual profile then you need to set the securities and object access for that user.
A group profile is only considered a 'group' if it in included as a group or supplemental profile within another profile. Removing the profile from other individual profiles will remove it from the 'group' category.
================================================
Yes, but it's often not immediately obvious how it needs to be done.
First, of course, disassociate all members from the group. This will turn off the general Group Profile Indicator (seen in the *outfile from DSPUSRPRF *BASIC). For
most purposes, this is what is intended when a 'group' profile is to become a 'normal' profile.
However, the profile should then be reviewed to see if it is the Primary Group for any objects -- DSPUSRPRF TYPE(*OBJPGP). Change the Primary Group assignments for the objects.
Finally, call the
Change User Profile UID or GID (QSYCHGID) API to set the profile's GID value to zero. Unfortunately, the CHGUSRPRF command doesn't allow a value of zero, so the API is required... at least, it has been in recent releases -- quick test shows it's still restricted on the command in V6R1.
Those last two steps can often be ignored. However, if facilities such NFS are active or other UNIX-style networking elements that may use UID/GID for authorization in the network, keeping control of UID/GID should be done.
(BTW, note that GID in i5/OS does not equate to 'root' but rather to 'no group assigned'.)
Tom
Last Answered:
Oct 23 2009 10:18 PM GMT by TomLiotta 
8025 pts.
