Viewing AS/400 Public User Profiles

15 pts.
Tags:
AS/400 administration
AS/400 user authority
AS/400 user profiles
Hello Guys, I would like to see all public user profiles has exclude authority. Theirs any one here know what the command in AS400 that I need to use to view it. I appreciated your answer. Thank You very much
Asked: Last updated:
Related Questions
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

u can use prtusrprf

Slack400’s two cents:

If your intent is to keep your system locked down tight you’ll want to set the system value: QCRTAUT to *Exclude. This will ensure new objects created on the server will not be available to users unless specified.

As for your existing data & programs if the system wasn’t locked down before you’ll need to audit your system and lock down any critical items. I would write a quick CL program to utilize the DSPOBJD command to generate an object listing by type and then use the output to run the GRTOBJAUT command to then change the *PUBLIC authority to *EXCLUDE. Then go library by library until your data files and source code files are all locked down.

Of course you’ll want to clearly define your goals ahead of time and test, test, test.

For general system security I’d recommend contacting PowerTech or BSafe and get a free system security audit review. It’s amazingly fast and helpful.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • TomLiotta
    I would like to see all public user profiles has exclude authority. Can you explain your request, please? *EXCLUDE authority to what? And what is a "public user profile"? Profiles are granted *EXCLUDE authority to different objects. There are some profiles that come with the system, such as QSYSOPR, QSECOFR and QPGMR. Other profiles are created by administrators for use by individuals. There is also a generic term for all profiles on the system -- *PUBLIC. At a basic level, the meaning of *PUBLIC is "any profile that doesn't have any authority granted explicitly by name". In many ways, *PUBLIC just refers to every profile on the system. It means everybody. But *EXCLUDE authority generally refers to objects such as files and programs and other things. When *EXCLUDE is mentioned along with *PUBLIC, it doesn't mean that the public is excluded. It means that anyone who doesn't have authority is excluded. If everyone has been granted authority through group membership or through private authority or through 'special' authority, then no one is excluded even if *PUBLIC is set to *EXCLUDE. It can be confusing. That's why it would help if you can explain more about what you need. Tom
    125,585 pointsBadges:
    report
  • rajeshece
    Use the PRTUSRPRF Command and Select Values Special Authorities and USer Class Values based on Authorities. Hope it satisfies your requirement
    1,230 pointsBadges:
    report
  • pdraebel
    You may want to try PRTPUBAUT (print Publicly Authorized Objects). Another great source of commands and reports would be the Security tools (Go Sectools). If your question is about seeing to which user profiles everyone has access: PRTPUBAUT.
    7,545 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: