You might also want to look at what objects are secured by the group profile. A group profile is just a user profile that is used for grouping access to objects. If you are going to use the group profile as an individual profile then you need to set the securities and object access for that user.
A group profile is only considered a ‘group’ if it in included as a group or supplemental profile within another profile. Removing the profile from other individual profiles will remove it from the ‘group’ category.
Yes, but it’s often not immediately obvious how it needs to be done.
First, of course, disassociate all members from the group. This will turn off the general Group Profile Indicator (seen in the *outfile from DSPUSRPRF *BASIC). For <i>most</i> purposes, this is what is intended when a ‘group’ profile is to become a ‘normal’ profile.
However, the profile should then be reviewed to see if it is the Primary Group for any objects — DSPUSRPRF TYPE(*OBJPGP). Change the Primary Group assignments for the objects.
Finally, call the <a href=”http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/apis/QSYCHGID.htm”>Change User Profile UID or GID (QSYCHGID) API</a> to set the profile’s GID value to zero. Unfortunately, the CHGUSRPRF command doesn’t allow a value of zero, so the API is required… at least, it has been in recent releases — quick test shows it’s still restricted on the command in V6R1.
Those last two steps can often be ignored. However, if facilities such NFS are active or other UNIX-style networking elements that may use UID/GID for authorization in the network, keeping control of UID/GID should be done.
(BTW, note that GID in i5/OS does not equate to ‘root’ but rather to ‘no group assigned’.)