Viewing AS/400 Public User Profiles
Hello Guys, I would like to see all public user profiles has exclude authority. Theirs any one here know what the command in AS400 that I need to use to view it. I appreciated your answer. Thank You very much
Software/Hardware used:
Software/Hardware used:
ASKED:
March 12, 2011 7:38 AM
UPDATED:
March 16, 2011 8:39 AM
Answer Wiki:
u can use prtusrprf
Slack400's two cents:
If your intent is to keep your system locked down tight you'll want to set the system value: QCRTAUT to *Exclude. This will ensure new objects created on the server will not be available to users unless specified.
As for your existing data & programs if the system wasn't locked down before you'll need to audit your system and lock down any critical items. I would write a quick CL program to utilize the DSPOBJD command to generate an object listing by type and then use the output to run the GRTOBJAUT command to then change the *PUBLIC authority to *EXCLUDE. Then go library by library until your data files and source code files are all locked down.
Of course you'll want to clearly define your goals ahead of time and test, test, test.
For general system security I'd recommend contacting PowerTech or BSafe and get a free system security audit review. It's amazingly fast and helpful.
To see all answers submitted to the Answer Wiki: View Answer History.
I would like to see all public user profiles has exclude authority.
Can you explain your request, please?
*EXCLUDE authority to what? And what is a “public user profile”?
Profiles are granted *EXCLUDE authority to different objects. There are some profiles that come with the system, such as QSYSOPR, QSECOFR and QPGMR. Other profiles are created by administrators for use by individuals.
There is also a generic term for all profiles on the system — *PUBLIC.
At a basic level, the meaning of *PUBLIC is “any profile that doesn’t have any authority granted explicitly by name”. In many ways, *PUBLIC just refers to every profile on the system. It means everybody.
But *EXCLUDE authority generally refers to objects such as files and programs and other things. When *EXCLUDE is mentioned along with *PUBLIC, it doesn’t mean that the public is excluded. It means that anyone who doesn’t have authority is excluded.
If everyone has been granted authority through group membership or through private authority or through ‘special’ authority, then no one is excluded even if *PUBLIC is set to *EXCLUDE.
It can be confusing.
That’s why it would help if you can explain more about what you need.
Tom
Use the PRTUSRPRF Command and Select Values Special Authorities and USer Class Values based on Authorities. Hope it satisfies your requirement
You may want to try PRTPUBAUT (print Publicly Authorized Objects). Another great source of commands and reports would be the Security tools (Go Sectools).
If your question is about seeing to which user profiles everyone has access: PRTPUBAUT.