Using an individual profile as a group profile

You might find that a specific user has all of the authorities needed by a group of users and be tempted to make that user profile into a group profile. However, using an individual’s profile as a group profile might cause problems in the future:

• If the user whose profile is used as the group profile changes responsibilities, a new profile needs to be designated as the group profile, authorities need to be changed, and object ownership needs to be transferred.
• All members of the group automatically have authority to any objects created by the group profile. The user whose profile is the group profile loses the ability to have private objects, unless that user specifically excludes other users.

Try to plan group profiles in advance. Create specific group profiles with password *NONE. If you discover after an application has been running that a user has authorities that should belong to a group of users, do the following actions:

1. Create a group profile.
2. Use the GRTUSRAUT command to give the user’s authorities to the group profile.
3. Remove the private authorities from the user, because they are no longer needed. Use the RVKOBJAUT or EDTOBJAUT command.