RPGIV @ Work

A unique site for RPG and System i Lovers


Hi, this site will provide all what you need in System i and RPG developments.

My Name is Chamara Withanachchi, System i Expert and RPG Developer. And in the field for last 11 years.

I hope you will find lot of valuable information from this site

Watch your profiles Print E-mail
User Rating: / 1
Written by Chamara Withanachchi   
Watch your profiles

The user profile is your first line of defense in the ongoing battle of protecting your system. When a new employee shows up for work, you go to great lengths to get their profile set up just right. You make sure that they get access to the menus they need to get their work done and you set up their object access accordingly. If you've been at this a while, you probably already have a mental checklist of all the things that you need to do for a new user in each department or work group in your shop.

But what about subsequent changes to those profiles? Are you watching these updates to make sure that your carefully engineered security scheme is being maintained over the life of each user profile?

In OS/400, there are a couple of ways that you can monitor this.

First, you can use the security audit journal as an after-the-fact review process for user profile changes and updates. To run this report, use the Display Audit Journal Entries (DSPAUDJRNE) command. Prompt the command using the F4 key and select the entry type code CP (Change user profile entries). The resulting report will show you at least some of the user profile change activity for the selected period of time on your system.

If you want more immediate information about user profile changes, then the only alternative is for you to code an exit program. There are four possible exit points that you can use on the system to track user profile activity:

	QIBM_QSY_CRT_PROFILE Create User Profile 
	QIBM_QSY_CHG_PROFILE Change User Profile 
	QIBM_QSY_DLT_PROFILE Delete User Profile 
	QIBM_QSY_RST_PROFILE Restore User Profile

An exit point is a marker in OS/400 where you can attach your own program. OS/400 calls your program, passing parameters, during the process of working with these four user profile events. You can then code your program to meet your specific needs. This can include online notification, detailed change tracking, rules enforcement and more. You can even pass a return code back to the exit point indicating that the profile change should be disallowed.

The RUNSQLSTM command offers increased flexibility in V6R1 by adding support for CL commands. This new support mirrors the CL command support that's available with the System i Navigator Run SQL Scripts interface. The CL command in the SQL script needs to be prefixed with "CL:" and then a semi-colon after the CL command string. Here's an example of a script including CL and SQL statements that can be processed by RUNSQLSTM in V6R1.You will find more details about creating exit programs to work with these user profile exit points in the iSeries Security Reference manual. Registering your program can be done using the Work with Registration Information (WRKREGINF) command. You will see many exit points displayed, be sure to limit your changes to the specific exits named above.

<Previous   Next>