Hi
Is there any way we can know about deleted user profiles in AS/400? We have an audit process wherein the auditor have asked for a list of all the users deleted. Can any one suggest where can I get such a list?
pgsdeb
If you have it turned on you can get the list from the Audit journal (QAUDJRN). Need to set several system values to make it work and you will wnat to implement a procedure to clean it up as it can take a lot of space.
If a profile is deleted, the system audit journal will record a deleted object, with entry type 'DO'. Unfortunately, there will probably be a lot of DO entries and very few will be user profiles. It is a reliable indication, but takes some sifting of the data. You'll also need to have a full month's worth of audit journal receivers on-line unless you capture entries on a daily or weekly basis as time passes.
You could register a Delete User Profile Exit Program against the QIBM_QSY_DLT_PROFILE exit point. If nothing else, you could log the date/time to help with retrieval of the audit DO entry.
Or you could simply generate a monthly list of user profiles. Whenever someone wants to know which profiles were deleted in a given month, just run an exception join against the lists before and after the month. One problem is that it won't catch profiles created and deleted in the same month.
Tom
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!
Discuss This Question: 2  Replies