Steve McKay wrote:
The profile 'owns' an application but it has QPGMR as the group profile and
*GRPPRF as the 'OWNER', so the profile itself doesn't actually own anything
other than a couple of IFS directories.
I would recommend not having an IBM profile being a group profile,
but that isn't an issue for the circumstance you describe. It
doesn't matter that the *GRPPRF is specified to own created objects,
so that's irrelevant except perhaps to explain how ownership went to
the group profile. It won't affect anything related to deleting this
I don't see a way to DSPLOG by user ID - only by job/number/user and I don't
know 2 of the 3.
I also have no utility for analyzing QHST.
I don't see any reason to review QHST. It's possible that something
might catch your eye; other than that, it shouldn't provide any
help. OTOH, if significant auditing is enabled, any audit journal
entries under this profile would be important to follow up.
The profile is PUBLIC *EXCLUDE so no one is using it to SBMJOBs.
If no other profiles have at least *USE authority and the profile
that owns this profile is under control, then it seems things are
Without authority to the profile and with no password, other
profiles shouldn't be able to start jobs using it, nor can they
switch to it -- unless they already have as much authority as this
one could provide. If other profiles have access to any program that
can adopt enough authority to perform the switch, then other
powerful profiles are as much at risk.
If this profile owns nothing but /root directories and/or
streamfiles, there doesn't seem to be any point to the existence of
If no audit entries show up, I can't think of any reason not to
delete it. It doesn't seem to have any use, even as an owner.