TAA Tools

The Disable User Profile tool is designed for Assistant Security
Officers to be able to disable a user profile.

A typical command would be:


This would disable the users profile so that he could not signon.  A
batch job can still be run using the profile.

The user of DSAUSRPRF must be authorized to the TAADSAPRF
authorization list.

DSAUSRPRF is an option on the SECOFR2 Assistant Security Officer
menu.  See the TAA Tool SECOFR2.

The QSECOFR profile cannot be disabled.

To specify additional user profiles that cannot be disabled, see the
section on User Profile Exceptions.

To provide for an audit trail of the use of the command, the
following occurs:

  **   If the QAUDJRN journal exists, an entry is sent to it
       describing the use of DSAUSRPRF, the profile that was
       disabled, and the user that made the change.  The entry type
       is DA.

  **   If the QAUDJRN journal does not exist, the same information as
       described for the journal entry is sent as a message to QHST.

Use with the TAADPTSEC Authorization List

An alternative approach is to allow for multiple assistant security
officers who can each manage a set of unique user profiles.  This is
called a 'Departmental Security Officer'.  See the discussion of the
TAADPTSEC authorization list in the SECOFR2 tool documentation.

User Profile Exceptions                               *CMD

If you have 45 or less exceptions, the DSAUSRPRF data area in
TAASECURE can be used to specify a list of additional profiles that
cannot be disabled using the DSAUSRPRF command.  The Security Officer
can then use the following command to edit a list of additional user
profiles that cannot be disabled:


An Exception file also exists in TAASECURE (the DSAUSRPRF file).  You
may have user profile names in both the data area and the file or
just in the data area or just in the file.  The DSAUSRPRF command
checks both objects and if the user profile exists, the command ends
with the TAA9897 escape message.

You can maintain the DSAUSRPRF file using 1) TAA EDTDBF command 2)
Create a DFU application, or 3) your own technique.

If using EDTDBF, enter the command:


EDTDBF allows you to enter new records, change existing records,
delete records, etc.  You may randomly access records in the file as
well (use F14).

Command parameters                                    *CMD

   USRPRF        The user profile to be disabled.


See the previous discussion.


The following TAA Tools must be on your system:

     CONARR       Constant array


The tool is ready to use, but the user must be be authorized to the
TAADSAPRF authorization list.  For example,


The Security Officer may also want to specify certain user profiles
that cannot be changed by entering them into the DSAUSRPRF data area
in TAASECURE.  Use the command:


You do not need to enter QSECOFR as it is always prevented.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   DSAUSRPRF     *CMD                   TAASEDF       QATTCMD
   TAASEDFC      *PGM       CLP         TAASEDFC      QATTCL

The TAASEDFC program is created with USRPRF(*OWNER).

The DSAUSRPRF data area exists in the TAASECURE library.

Added to TAA Productivity tools May 1, 1996

Home Page Up to Top