IS WRKSYSVAL SYSVAL (QMAXSIGN) COMMAND USER SPECIFIC OR GLOBAL

25 pts.
Tags:
AS/400
IBM iSeries
WRKSYSVAL
Actually I need one commen user id to have mutiple attempts for sign on I had tried with below command but it updates globally and not for one user IS WRKSYSVAL SYSVAL (QMAXSIGN) COMMAND USER SPECIFIC OR GLOBAL pls help

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi,

QMAXSIGN is global and limits the number of *invalid* sign-on attempts at a device (or terminal session). If you need the user to be signed on to the system at multiple devices then you may need to set the LMTDEVSSN to *NO on the user profile.

Hope this helps,

Martin Gilbert.

Discuss This Question: 11  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Manojcgupta
    Dear Martin, Thanks for reverting but my problem is not sign on to system at multiple devices using same ID. Actually my problem is that I have one common user ID which is used by 1000 users. But suppose if any one does invalid sign on thrice the ID gets disabled and rest all the users are not able to use the server. So i wanted to know just like QMAXSIGN is there any command which is specific to user where in I can allow that user n number or multiple sign on attempts. Please help.
    25 pointsBadges:
    report
  • TSCHMITZ
    Hi Manojcgupta, i'm afraid what you want is not possible. perhaps you should investigate modifying your security policy, because having so much users working with the same ID is not really safe and compliant with actual security requirements. Have a nice day. T.
    470 pointsBadges:
    report
  • djac
    I would agree that having ALL your users signing on with the same ID is definitely not a good idea. However, if you have to work that way then one thing you could do is change the QMAXSGNACN system value to '1' (numeric one). This would mean that the ID is not disabled when a user exceeds the allowed number of sign-on attempts. It will just disable the device.
    900 pointsBadges:
    report
  • bvining
    I wrote an article Watching for Messages -- Made Easy for System i News back in 2006 which provides sample programs in CL, RPG, and COBOL to accomplish just this function -- have one user profile (WAREHOUSE in my example) enabled even if "too many" invalid signon attemts are made. Basically the program looks for the "profile is disabled" message and, if found, re-enables the user profile. Bruce Vining http://www.brucevining.com/
    6,510 pointsBadges:
    report
  • Manojcgupta
    Dear Djac, Thanks for reverting but again the command QMAXSGNACN is global I need something which is specific to user. Actually we have one module used for online attendance recording of the all the employees even who don't use the system for any other work apart from attendance. Only for this module we have created one common user Id. For other modules we have different user ids with user specific rights. My problem not yet resolved?
    25 pointsBadges:
    report
  • TomLiotta
    Why do you have a signon at all for this user? Why have a "user" at all? Just run a program that 'acquires' the device and go from there. Completely avoid signons since they serve no purpose in this case (and since they in fact cause problems). Tom
    125,585 pointsBadges:
    report
  • bvining
    Vendor response. I have a product, Profile Manager, which allows you quite a bit of flexibility in this area. You can have some user profiles always re-enabled (*BYPASS mode), some user profiles prompted (at the signon screen after QMAXSIGN has kicked in) with a personal question to verify their identity and, if answered correctly, re-enabled with either a new password or the old password (
    6,510 pointsBadges:
    report
  • bvining
    Wrong blasted key.................. Continuing where I left off: (*QUESTION mode), some user profiles re-enabled based on fingerprint verification -- not real applicable to your situation (*FINGERPRT mode), some user profiles just left disabled (*NONE mode). Once started, Profile Manager detects when a profile becomes disabled due to excessive signon attempts and then, based on the profile disabled, helps them recover. The product also takes care of the terminal being varied off due to QMAXSIGN. The product does require that the system be at V5R4 or later. Bruce Vining Bruce Vining Services End vendor response.
    6,510 pointsBadges:
    report
  • Vatchy
    There's an easy way to fix this. Create a CL program that is constantly running in batch that checks - say every ten seconds - to see if the user profile is disabled. If so, it re-enables it and continues running.
    PGM
                 DCL        VAR(&STATUS) TYPE(*CHAR) LEN(10)
    Check:
                 RTVUSRPRF  USRPRF(user) STATUS(&STATUS)
                 IF         COND(&STATUS *EQ '*DISABLED') THEN(CHGUSRPRF +
                              USRPRF(user) STATUS(*ENABLED))
                 DLYJOB     DLY(10)
                 GOTO       CMDLBL(CHECK)
    ENDPGM
    
    1,410 pointsBadges:
    report
  • Whatis23
    I have this setup in our TEST environment for users performing QA before promoting to PROD. It is usually just 2 or 3 users with the same test profile: Use iNav and setup a Message monitor enter Message ID CPF1393 (Subsystem QUSRWRK disabled user profile ...) Enter CHGUSRPRF for the trigger cmd for the user id and put STATUS(*ENABLED) I also use SNDBRKMSG to the HELPDESK as the reset cmd so they can monitor its frequency.
    5,665 pointsBadges:
    report
  • Splat
    Using a single profile for multiple users is worse than having no security. If you can't get away from that immediately, create the QSYSMSG message queue in QSYS and write a message queue monitor to re-enable the profile when it becomes disabled.
    7,305 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following