How to distinguish an inactive and terminated user profiles in AS400

95 pts.
Tags:
AS 400
When a user is no longer working in our company, the AS400 admin will disable the user profile. As per the company's procedure,it is not allowed to delete the user profile. 
As per current setup, user profiles also gets disabled when an user types in password wrongly 3 times, or when a user is not logging into AS400 for 3 months. Problem is we are unable to differentiate between these (disabled when terminated, OR disabled due to inactive/wrong password).  
Is there any way we can identify the user profiles that got disabled due to being inactive / typed in wrong password?
0

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question: 9  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • nishav
    Is the following solution good? - Can we create a new group profile, and whenever an employee is terminated, along with disabling the user profile, change the group profile? This we we can identify all terminated user profiles. 
    Please share if you have better ideas.
    95 pointsBadges:
    report
  • TheRealRaven
    Not a terrible possible solution, but rather than a straight change from any old group profile, it'd seem better to add a new group to the terminated user. That would help keep all existing authorities in place.

    Best, of course, would be to delete the terminated user profile. Ownerships and authorities should be appropriately transferred first. Old terminated users probably shouldn't be kept around beyond some predetermined time limit.

    A simple program could be used to disable profiles. In addition it would insert a row into a 'terminated users' table.
    37,215 pointsBadges:
    report
  • ToddN2000
    Nothing I can think of that is provided using standard commands and profiles. Like Raven said , you could put together something to manage this but it will still only be as good as those that maintain it properly. As for keeping old profiles of terminated employees, not a good idea in my opinion. It could provide a disgruntled employee a way back into the system to cause you issues. All they would need is to have someone enable it again or say they forgot their password and want it reset. Some may even know of a secondary profile they could have access to that may give them more authority or allow them to make changes. 
    136,970 pointsBadges:
    report
  • Splat
    I'd recommend simply putting the word 'TERMINATED' into the profile text.  That should make it obvious to most that the profile is disabled for a reason.
    12,935 pointsBadges:
    report
  • nishav
    Thanks for your valuable opinions, Raven and Todd.
    95 pointsBadges:
    report
  • azohawk
    I have never thought keeping old profiles around to be a good idea. Users should be granted access for what they need through group profiles, not by copying one user to another. A step beyond disabling the password is to change it and also set the initial program to sign them off.
    4,085 pointsBadges:
    report
  • WoodEngineer
    You may have already checked out RTVUSRPRF command.  Two bits of info that might be helpful are NOTVLDSIGN and PRVSIGN.  
    8,245 pointsBadges:
    report
  • rcl
    I think a good solution is to change the user's password to *NONE at the same time it is disabled.  You can then list users who have a password of *NONE.  When you run the DSPUSRPRF *ALL to an *OUTFILE, you can select for user's with password set to *NONE based on a *YES in the field named UPPWON.
    70 pointsBadges:
    report
  • Jaideep Khanduja
    Add a comment along with it at the time it's gets disabled. A small script will do the needful. Something like Terminated and Suspended. 
    20,010 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: