TAA Tools
CHGUSRPRF2      CHANGE USER PROFILE NBR 2              TAASEDH

The  Change User  Profile  Nbr 2  command  is designed  to  be used  by
Assistant  Security Officers that  are given  limited authority  by the
Security  Officer.  The command allows a  subset of the parameters of a
user profile to be changed.

A typical command would be entered as:

         CHGUSRPRF2    USRPRF(xxxx)

The CHGUSRPRF  command  prompt would  appear  with the  current  values
displayed (not all parameters need be displayed).

To allow  a user to  use CHGUSRPRF2, the  Security Officer must  do the
following:

  **   Grant the user to the authorization list TAACHGPRF2.

  **   Specify  the parameter  names that  are valid  to be  changed in
       the CHGUSRPRF2 data area in TAASECURE.

The  CHGUSRPRF2  data  area  should  contain  only  the  names  of  the
parameters that  the Assistant Security Officer  may change.   The data
area is maintained with the CONARR tool using the command:

            EDTCONARR    DTAARA(TAASECURE/CHGUSRPRF2)

For  example, if INLPGM and  INLMNU are the  only parameters identified
in the data area,  the CHGUSRPRF command would  show only those  values
as valid  to change.   An option on  the CHGUSRPRF2 command  determines
whether the other parameters are displayed in a protected mode.

The parameters PWD and DOCPWD cannot be specified.

The parameters  GRPPRF and SUPGRPPRF cannot be  changed unless the user
is authorized to the group profile.

When  CHGUSRPRF2 runs, it  first ensures that  the parameters specified
in the data area are valid.

The user  profile named  on CHGUSRPRF2 cannot  be QSECOFR  or any  user
profile with one of the special authorities:

        - *ALLOBJ
        - *SECADM
        - *SERVICE

In addition, the specific profiles QSRV, QSRVBAS, and TAAJOBCTL
may not be changed.

If  there  are other  profiles  that  should  be prevented  from  being
changed,  they may be  specified in the  INZPWD data  area in TAASECURE
with the command:

        EDTCONARR     DTAARA(TAASECURE/INZPWD)

This is the same data area used by the INZPWD tool.

To provide for  an audit trail  of the use  of the CHGUSRPRF2  command,
the following occurs:

  **   If  the  QAUDJRN  journal  exists,  an   entry  is  sent  to  it
       describing  the   use  of  CHGUSRPRF2,  the   profile  that  was
       changed, and the user that made  the change.  The entry type  is
       CP.

  **   If the QAUDJRN journal  does not exist, the same  information as
       described for  the journal entry  is sent as a  message to QHST.

CHGUSRPRF2 is an option on the SECOFR2 menu.  See the SECOFR2 tool.

Use with the TAADPTSEC Authorization List
-----------------------------------------

An  alternative approach  is to  allow for  multiple assistant security
officers who can each  manage a set of  unique user profiles.  This  is
called a  'Departmental Security Officer'.   See the discussion  of the
TAADPTSEC authorization list in the SECOFR2 tool documentation.

Command parameters                                    *CMD
------------------

   USRPRF        The  user  profile  to  be  changed.    It  cannot  be
                 QSECOFR or a user  with *ALLOBJ, *SECADM, or  *SERVICE
                 special  authority.   If  any  profiles exist  in  the
                 INZPWD   data  area   in  TAASECURE,  they   are  also
                 prevented from being changed.

                 See the INZPWD  tool for  how to make  entries in  the
                 INZPWD data area.

   DSPNONCHG     A *YES/*NO  option that  defaults to  *NO.  *NO  means
                 that  only the values  allowed to  be changed  will be
                 shown on the CHGUSRPRF prompt.

                 *YES  means  that  all  the  current  values  will  be
                 displayed  on the  CHGUSRPRF  prompt, but  only  those
                 described  in the  CHGUSRPRF2 data  area in  TAASECURE
                 can be changed.

Restrictions
------------

The  user must be  authorized to the TAACHGPRF2  authorization list and
the Security  Officer must  enter the  valid parameters  to be  changed
into the CHGUSRPRF2 data area in TAASECURE with EDTCONARR.

The parameters GRPPRF  and SUPGRPPRF cannot be changed  unless the user
is authorized to the group profile.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CONARR          Constant array
     EDTVAR          Edit variable
     EXPVAL          Expand value
     RTVSPCAUT       Retrieve special authority

Implementation
--------------

The  tool is  ready to  use, but  the  user must  be authorized  to the
TAACHGPRF2 authorization list and  there must be a  least one entry  in
the CHGUSRPRF2 data area in TAASECURE.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHGUSRPRF2    *CMD                   TAASEDH       QATTCMD
   TAASEDHC      *PGM       CLP         TAASEDHC      QATTCL

The CHGUSRPRF2 *DTAARA exists in TAASECURE.
					

Added to TAA Productivity tools May 1, 1996


Home Page Up to Top