AS/400 user ID question

Boblak

10 pts.

Tags:

AS/400 administration

AS/400 user profiles

Hi, I have access to the AS/400 as the qsecofr. how do I setup a new user ID on the system?

Asked: September 30, 2008 3:32 PM Last updated: November 16, 2017 1:02 PM

Answer Wiki

Last updated: September 26, 2014 4:26 PM GMT

Michael Tidmarsh62,175 pts.
History
Contributors
- Ordered by most recent
- Michael Tidmarsh62,175 pts.
- slack4002,740 pts.
- Siscomputerspecialists45 pts.

Thanks. We'll let you know when a new response is added.

you can do this the old fashion way using the CRTUSRPRF command.
or you can add users through the iSeries Access for Windows software (Operations Navigator)

I tend to copy existing profiles once I’ve got a good template to work with.

Of course you’ve got all kinds of questions to answer about security when setting up new users.
What user class should they be?
Do they need special authorities?
Job descriptions, password expiration interval, etc…

Here’s a good article to read if you’ve got the time before you start.

=====================================================

If your first step is starting by logging on as QSECOFR, then your second step needs to be the creation of a substitute for QSECOFR.

Run this command:

CRTUSRPRF USRPRF(ASECOFR)
PWDEXP(*YES)
USRCLS(*SECOFR)
TEXT('Primary SECOFR')
DSPSGNINF(*YES)
DLVRY(*BREAK)
ATNPGM(QSYS/QUSCMDLN)

Use any name; ASECOFR is as good as any. Then signoff of the QSECOFR session and signon as ASECOFR. The temporary password will be ASECOFR, and you’ll have to change it before the signon can be completed.

From then on, use ASECOFR instead of QSECOFR except when QSECOFR is required. QSECOFR may only be needed when you read IBM instructions that tell you to signon as QSECOFR.

Keep the QSECOFR password hidden and available to some manager. And keep the ASECOFR password secure. You won’t likely create a more important profile.

Once ASECOFR is comfortable, do as much work as you can through iSeries Navigator. Learning the Navigator interface will be important, as will be learning how it connects and the servers it connects to.

Tom

you can do this the old fashion way using the CRTUSRPRF command.
or you can add users through the iSeries Access for Windows software (Operations Navigator)

I tend to copy existing profiles once I've got a good template to work with.

Of course you've got all kinds of questions to answer about security when setting up new users.
What user class should they be?
Do they need special authorities?
Job descriptions, password expiration interval, etc...

Here's a <a href="http://www.itjungle.com/fhg/fhg091405-story03.html" target="_blank">good article to read</a> if you've got the time before you start.

=====================================================

If your first step is starting by logging on as QSECOFR, then your second step needs to be the creation of a substitute for QSECOFR.

Run this command:
<pre>CRTUSRPRF USRPRF(ASECOFR)
PWDEXP(*YES)
USRCLS(*SECOFR)
TEXT('Primary SECOFR')
DSPSGNINF(*YES)
DLVRY(*BREAK)
ATNPGM(QSYS/QUSCMDLN)</pre>
Use any name; ASECOFR is as good as any. Then signoff of the QSECOFR session and signon as ASECOFR. The temporary password will be ASECOFR, and you'll have to change it before the signon can be completed.

From then on, use ASECOFR instead of QSECOFR except when QSECOFR is required. QSECOFR may only be needed when you read IBM instructions that tell you to signon as QSECOFR.

Keep the QSECOFR password hidden and available to some manager. And keep the ASECOFR password secure. You won't likely create a more important profile.

Tom

Send me notifications when members answer or reply to this question.

Discuss This Question: 5 Replies

Gilly400 Oct 2, 2008 10:56 AM GMT

Hi, If you use WRKUSRPRF instead of CRTUSRPRF you can use option 3 to copy an existing profile. Regards, Martin Gilbert.

23,730 pointsBadges:

report
BarryRobinsonUK Oct 2, 2008 5:06 PM GMT

Yes you can do this. The only thing that you have to be aware of is that this will be an exact replica of the profile you are copying. You may want to change the Initial menu and the special authoritys depending on the user.

25 pointsBadges:

report
Nordan Dec 17, 2008 0:35 AM GMT

I think for the start the best is as Gilly400 said, WRKUSRPRF and make a copy, just to be sure QSECOFR has a problem like became disabled. When you have learned more about security you can start with group profiles, and create different classes like operators, users, security administrators, etc. It is very important you make a plan, because change the security architecture when there are a lot of user profiles created is very complicated.

435 pointsBadges:

report
Gayathri123 Nov 15, 2017 11:24 AM GMT

Please use CRTUSRPRF command to create a new user. Before creating a user profile, please make a note of user class, special authorities to be granted, job description, command line access (restricted or full), group profile details(if the user is to be added to a group) etc.

925 pointsBadges:

report
ToddN2000 Nov 16, 2017 1:02 PM GMT

Scary question.. You have the ultimate authority and are asking how to set up a new profile. The way to do that is with the CRTUSRPRF command. Just remember you will have a lot o parameters for setting this up as to whether they have command line access, their security, what job description, initial program to use and many others.

99,960 pointsBadges:

report