User Profile in AS/400 System

5 pts.
Tags:
AS/400 administration
Hi, how to find who has created the USER PROFILE and when it was created? Also What special authority need to find this? Thanks in Advance.

Software/Hardware used:
AS400 and OS400

Answer Wiki

Thanks. We'll let you know when a new response is added.

Try this question: AS/400 – Who created a user profile
======================================================

Note: Both only show the user that created it but this could not be the TRUE user that created the profile.

Although the statement from below is correct, it is usually irrelevant. Essentially every action is performed by a ‘user’ and every one may be initiated by some ‘true user’.

The underlying principle simply must always be kept in mind during <i>any</i> forensic process. It is perhaps worth noting in discussion but might confuse the direct answer.

The direct answer is that the ‘Created by user’ attribute of the *USRPRF object is the user that created that *USRPRF.

Tom

======================================================

While the solutions in the above link are the normal process, they have shortcomings.
both only show the user that created it but this could not be the TRUE user that created the profile.

Object Description o fthe profile in Question:
Creation date/time . . . . . . . . . : 03/29/10 13:45:55
Created by user . . . . . . . . . . : MISOPR

The best method is a two part one.
* Use the CPYAUDJRNE command as specified in the other answer.
* Once you find the correct entry, look for the job that created it.

Job User Job
name name number
QDFTJOBD MISOPR 982295

* Do a WRKJOB or DSPJOB on the job that created the profile in question.
* Display the joblog and look for something similar to this where that job was submitted from another job.

CPI1125 Information 00 03/29/10 13:45:55.528096
Message . . . . : Job 982295/MISOPR/QDFTJOBD submitted.
Cause . . . . . : Job 982295/MISOPR/QDFTJOBD submitted to job queue QBATCH in QGPL from job 982294/MISBXG/CONSOLEBG1.

* Note that the job that created the profile was submitted by another job from a different user name. So in this example, MISBXG was the user that actually created the profile.

This scenario may not always be the case and it is not to say that anything underhanded is being attempted, it’s just that the process for creating profiles may be done via some sort of automation and possible from another system.

So don’t take for granted that the ‘created by’ user is the actual culprit.

Discuss This Question: 10  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Abigail
    dspobjd *all/profile *usrprf - Select option 5 to display. This will show you who created it and on what date. You shouldn't have any security issues displaying his.
    645 pointsBadges:
    report
  • c007
    WRKUSRPRF option 5-Display Display User Profile - Basic shows the following Previous sign-on . . . . . . . . . . . . . : Sign-on attempts not valid . . . . . . . . : Status . . . . . . . . . . . . . . . . . . : Date password last changed . . . . . . . . : Password expiration interval . . . . . . . : Set password to expired . . . . . . . . . : Local password management . . . . . . . . : User class . . . . . . . . . . . . . . . . : Special authority . . . . . . . . . . . . : Group profile . . . . . . . . . . . . . . : Owner . . . . . . . . . . . . . . . . . . : Group authority . . . . . . . . . . . . . : Group authority type . . . . . . . . . . . : Supplemental groups . . . . . . . . . . . : Assistance level . . . . . . . . . . . . . : Current library . . . . . . . . . . . . . : Initial program . . . . . . . . . . . . . : Library . . . . . . . . . . . . . . . . : Initial menu . . . . . . . . . . . . . . . : Library . . . . . . . . . . . . . . . . : Limit capabilities . . . . . . . . . . . . : Text . . . . . . . . . . . . . . . . . . . : Display sign-on information . . . . . . . : Limit device sessions . . . . . . . . . . : Keyboard buffering . . . . . . . . . . . . : Storage information: Maximum storage allowed . . . . . . . . : Storage used . . . . . . . . . . . . . . : Storage used on independent ASP . . . . :
    285 pointsBadges:
    report
  • Jkbritvic
    Try the following command and then press enter on the command line. DSPOBJD OBJ(User ID) OBJTYPE(*USRPRF) Then use option 5 = Display Full Attributes
    65 pointsBadges:
    report
  • DLM2007
    Try this... DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) OUTFILE(your library) *FIRST, *ADD The syntax may not be 100 accurate, but once created query on the file created in the library you selected.
    280 pointsBadges:
    report
  • Splat
    I just use WRKOBJ.
    7,095 pointsBadges:
    report
  • Rickmcd
    I use the WRKOBJ Command
    WRKOBJ QSYS/USERPRF
    Then do a option 8 to see created by
    1,605 pointsBadges:
    report
  • SujitNair2013

    1) DSPOBJD shows that who owns that, but that is not necesasry the profile who owns the object created it. if there is a JRN in place you can check with DSPAUDJRNE.

    2) for managing usrprofiles you need *SECADM rights

    85 pointsBadges:
    report
  • TomLiotta

    1) DSPOBJD shows that who owns that, but that is not necesasry the profile who owns the object created it. if there is a JRN in place you can check with DSPAUDJRNE.

    DSPOBJD shows both the owner profile and the 'Created by' profile. If actual forensics are being done, the DSPAUDJRNE should not be used. Use DSPJRN instead.

    2) for managing usrprofiles you need *SECADM rights

    For managing profiles, yes, you need *SECADM (as well as at least *USE authority to the profiles being managed). But for simply viewing the 'Created by' attribute, all that is needed is at least *USE authority to the *USRPRF object.

    Tom

    125,585 pointsBadges:
    report
  • abdullachennatt
    make it simple .. 
    Do a WRKOBJ QSYS/"userprofile" *userprf
    do an 8 - to see who created

    20 pointsBadges:
    report
  • ibmiguy
    I use WRKOBJ for the user profile and then option 8 to view description..
    30 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following