Try this question <a href="http://itknowledgeexchange.techtarget.com/itanswers/as400-who-created-a-user-profile/">http://itknowledgeexchange.techtarget.com/itanswers/as400-who-created-a-user-profile/</a>
<i>...both only show the user that created it but this could not be the TRUE user that created the profile.</i>
Although the statement from below is correct, it is usually irrelevant. Essentially every action is performed by a 'user' and every one may be initiated by some 'true user'.
The underlying principle simply must always be kept in mind during <i>any</i> forensic process. It is perhaps worth noting in discussion but might confuse the direct answer.
The direct answer is that the 'Created by user' attribute of the *USRPRF object is the user that created that *USRPRF.
While hte solutions in the above link are the normal process, they have shortcomings.
both only show the user that created it but this could not be the TRUE user that created the profile.
Object Description o fthe profile in Question:
Creation date/time . . . . . . . . . : 03/29/10 13:45:55
Created by user . . . . . . . . . . : MISOPR
The best method is a two part one.
* Use the CPYAUDJRNE command as specified in the other answer.
* Once you find the correct entry, look for the job that created it.
Job User Job
name name number
QDFTJOBD MISOPR 982295
* Do a WRKJOB or DSPJOB on the job that created the profile in question.
* Display the joblog and look for something similar to this where that job was submitted from another job.
CPI1125 Information 00 03/29/10 13:45:55.528096
Message . . . . : Job 982295/MISOPR/QDFTJOBD submitted.
Cause . . . . . : Job 982295/MISOPR/QDFTJOBD submitted to job queue QBATCH in QGPL from job 982294/MISBXG/CONSOLEBG1.
* Note that the job that created the profile was submitted by another job from a different user name. So in this example, MISBXG was the user that actually created the profile.
This scenario may not always be the case and it is not to say that anything underhanded is being attempted, it's just that the process for creating profiles may be done via some sort of automation and possible from another system.
So don't take for granted that the 'created by' user is the actual culprit.
Last Wiki Answer Submitted: July 5, 2010 8:00 pm by Bggas400160 pts.