×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
On 06-Jul-2016 10:36 -0500, Dave DeBoe wrote:
We did see in QSYSOPR and the QHST log that QSECOFR was the profile
used to end the Netserver jobs. However, when I looked at the
previous sign-on field on the user profile QSECOFR, it had not been
used to sign onto our server for over three months prior to this
incident happening, so that tells me that QSECOFR was not used to
sign on to our iSeries server the day the Netserver went down. That
is where my problem lies.
A user can effect action without having established a[n interactive]
signon, which is what the "Previous sign-on" detail of the Display User
Profile (DSPUSRPRF) reveals. A non-interactive job can be started, or
the current-user of a job can be established for a job, for which that
job then can be identified with that current user, as having been
responsible for ending a job.
There is instead the possibility of the Last Used Date available from
the Display Object Description (DSPOBJD) command -- that can be run
against the user profile [in this case, QSECOFR]. However in the past,
the only actions that [were documented to] update that field for the
User Profile (USRPRF) object were each of:
[
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rbam6/detob.htm]
_Detecting unused objects on the system_
"…
• When a job is initiated for the profile
• When the profile is a group profile and a job is started using a
member of the group
• Grant User Authority (GRTUSRAUT) command (for referenced profile)
…"
I seem to recall a discussion wherein someone alluded pursuit of
correction to the above docs, to include that the switch-user feature
[one or more of the profile handle API] in the documentation, as having
an effect of updating the last-used date. There is reference in one or
more of those APIs that the last-used date will get updated -- and that
there would be an audit log entry for *SECURITY type; e.g.:
[
https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_71/apis/QSYGETPH.htm]
_Get Profile Handle (QSYGETPH) API_
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.