Options on the Security Tools menu
You can use the Security Tools (SECTOOLS) menu to simplify the management and control of the security on your system with plenty of options and commands that it provides.
This figure shows the part of the SECTOOLS menu that relates to user profiles.
To access this menu, type
GO SECTOOLS. SECTOOLS Security Tools
Select one of the following:
Work with profiles
1. Analyze default passwords
2. Display active profile list
3. Change active profile list
4. Analyze profile activity
5. Display activation schedule
6. Change activation schedule entry
7. Display expiration schedule
8. Change expiration schedule entry
9. Print profile internals
Table 1 describes these menu options and the associated commands:
| Menu1 option | Command name | Description | Database file used |
|---|---|---|---|
| 1 | ANZDFTPWD | Use the Analyze Default Passwords command to report on and take action on user profiles that have a password equal to the user profile name. | QASECPWD2 |
| 2 | DSPACTPRFL | Use the Display Active Profile List command to display or print the list of user profiles that are exempt from ANZPRFACT processing. | QASECIDL2 |
| 3 | CHGACTPRFL | Use the Change Active Profile List command to add and remove user profiles from the exemption list for the ANZPRFACT command. A user profile that is on the active profile list is permanently active (until you remove the profile from the list). The ANZPRFACT command does not disable a profile that is on the active profile list, no matter how long the profile has been inactive. | QASECIDL2 |
| 4 | ANZPRFACT | Use the Analyze Profile Activity
command to disable user profiles that have not been used for a specified
number of days. After you use the ANZPRFACT command to specify the
number of days, the system runs the ANZPRFACT job nightly. You can use the CHGACTPRFL command to exempt user profiles from being disabled. |
QASECIDL2 |
| 5 | DSPACTSCD | Use the Display Activation Schedule command to display or print information about the schedule for enabling and disabling specific user profiles. You create the schedule with the CHGACTSCDE command. | QASECACT2 |
| 6 | CHGACTSCDE | Use the Change Activation Schedule Entry command to make a user profile available for sign on only at certain times of the day or week. For each user profile that you schedule, the system creates job schedule entries for the enable and disable times. | QASECACT2 |
| 7 | DSPEXPSCDE | Use the Display Expiration Schedule command to display or print the list of user profiles that are scheduled to be disabled or removed from the system in the future. You use the CHGEXPSCDE or CHGUSRPRF command to set up user profiles to expire. | |
| 8 | CHGEXPSCDE | Use the
Change Expiration Schedule Entry command to schedule a user profile
for removal. You can remove it temporarily (by disabling it) or you
can delete it from the system. This command uses a job schedule entry
that runs every day at 00:01 (1 minute after midnight). Use the DSPEXPSCD command to display the user profiles that are scheduled to expire. |
|
| 9 | PRTPRFINT | Use the Print Profile Internals command to print a report of internal information about the number of entries in a user profile (*USRPRF) object. | |
| Notes:
|
|||
You can page down on the menu to see additional options. Table 2 describes the menu options and associated commands for security auditing:
| Menu1 option | Command name | Description | Database file used |
|---|---|---|---|
| 10 | CHGSECAUD | Use the Change Security Auditing
command to set up security auditing and to change the system values
that control security auditing. When you run the CHGSECAUD command,
the system creates the security audit (QAUDJRN) journal if it does
not exist. The CHGSECAUD command provides options that make it simpler to set the QAUDLVL (audit level) and QAUDLVL2 (audit level extension) system values. You can specify *ALL to activate all of the possible audit level settings. Or, you can specify *DFTSET to activate the most commonly used settings (*AUTFAIL, *CREATE, *DELETE, *SECURITY, and *SAVRST). Note: If you use the security tools to
set up auditing, make sure to plan for management of your audit journal
receivers. Otherwise, you might quickly encounter problems with disk
utilization.
|
|
| 11 | DSPSECAUD | Use the Display Security Auditing command to display information about the security audit journal and the system values that control security auditing. | |
| 12 | CPYAUDJRNE | Use the Copy Audit Journal Entries command to copy entries from the security audit journal to an output file. | QASYxxJ52 |
|
|||