I am conclude User Profile topic with this topic until, I come across something that is interesting and important piece of fact that I am missing to describe.
Deleting user profile's in AS400 is simple but it needs to have a look at many important piece of objects and items before we actually delete a user profile.
Why we need to analyze before deleting a User Profile?
An user can create objects and have access to many files and objects that could be affected the moment we decide to delete an user profile.
What all things we need to consider before deleting User Profile?
As per industry best practices, it is required to meet the audit compliance with SOX (Sarbanese -Oxley) and HIPAA(Health Insurance Portability and Accountability Act).
If your company follows these standard and needs to meet audit compliance for SOX and HIPAA, then you might need to have proof of when the user left the organization and when the request was raised to remove the user profile. You might need to maintain a document based on the organizational practice.
Sometimes, you might be required to immediately disable the User Profile after the person left the organization. This can be done by CHGUSRPRF.
CHGUSRPRF USRPRF(user_name) STATUS(*DISABLED)
Before, deleting a user profile it is needed to transfer all the objects that the user profile owns to another user. This is so because AS400 OS will not allow you to delete an User Profile if it has objects that it owns.
You can identify whom to assign the objects after checking with the group to whom this user belongs and then transfer all the objects that is owned by the user profile.
To identify the objects that the user profile owns, you can do
WRKOBJOWN USRPRF(user_name)
This can also be done by i Series - navigator.
You also need to identify how critical the user profile is, before you think of deleting it. There could be many user profiles which can not be deleted at all. Some basic example would be of the programmer or the programming manager who have designed almost all the programs and have setup all the interfaces. The administrator who have setup most of the batch jobs and the operator or user who have been for so long that it is difficult to figure out, which all jobs, objects and interfaces will be affected when the profile is deleted.
Such, user profile just reside in the system forever.
If the user profile is not critical then get approval to delete the user profile from the departments required and remember to document it before you proceed to delete the user profile.
Deleting user profile :-
WRKUSRPRF USRPRF(user_name)
Option 4 next to the user profile to delete the same.
If the user profile will not delete that means there must be some objects that the User profile owns. Now, to change the ownership of the objects, use below command.
WRKUSRPRF USRPRF(user_name)
Take option 12 to find the objects owned.
Take option 9 to change the owner.
Or you could also change the ownership of objects owned at the time of deletion by using the below command.
WRKUSRPRF USRPRF(user_name)
Take option 4 and prompt ( f4)
owned objects value => *CHGOWN
user profile name is *CHGOWN => OBJOWNER (this user will own the objects after deleting the user profile)
This can also be done by iSeries- navigator .Select the user profile and right click and select delete user profile. The below screen will appear where you can change the ownership of objects owned and then delete the user.
No comments:
Post a Comment