How to find the user profile who deleted the soure physical file?

130 pts.
Tags:
AS/400 Profiles
AS/400 user profiles
A team of users have access to a particular library of as400 system, one of the users has deleted a soruce physical file in that library? How to find which user has deleted the SRCPF from library?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hopefully you have security auditing set on your i5.
Use the command DSPSECAUD to check your settings.
If it is, display the audit journal entries (DSPAUDJRNE) and enter DO for Delete object entries.
If it’s not, your only hope would be the joblog of the users and hope you get lucky.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • ASWDEVELOPER
    Assuming for the moment that the deletion was accidental rather than intended mischief, perhaps valuable IT time would be better spent improving security so it can't happen again. Furthermore, if the deletion was on purpose and the search for the culprit is about laying blame, then some of that blame rightly belongs with the person who failed to secure the source library in the first place.
    405 pointsBadges:
    report
  • Whatis23
    If the users need to access the library to run queries, programs, etc., just grant them *USE access. At the very least, use Edit Object Authority (EDTOBJAUT) and remove Object Exist authority.
    5,665 pointsBadges:
    report
  • TomLiotta
    Don't forget that an audit entry is connected to a "user profile" rather than to a "user". Those almost always mean the same individual; but in an environment where there isn't basic knowledge of how to determine 'who did what', the security policy is probably pretty lax if one exists at all and a given "user profile" might have been controlled by a different "user". Tom
    125,585 pointsBadges:
    report
  • TNKR
    Thank you....let me check with DSPSECAUD cmd
    130 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following