If you have users using your partition's IFS there are times when one of them manages to disable their access. In 2019 I wrote about how they can re-enable their access themselves using the QZLSCHSI API. What if I want to be more proactive and identify the profiles who already have disabled their IFS access?
Fortunately the information is attached to their user profile, but not in a place that I can get to with any of the User Profile commands, for example CHGUSRPRF. But I can use the SQL View USER_INFO. This View contains the column NETSERVER_DISABLED. If the User Profile has disabled their Netserver access then this column will contain 'YES'.
The statement I would use is:
    SELECT AUTHORIZATION_NAME,NETSERVER_DISABLED
      FROM QSYS2.USER_INFO
Hang on a moment: the SQL View USER_INFO_BASIC contains a subset of the columns that USER_INFO does, which makes it a faster View to get results from. Using this smaller, and faster, View, this is the statement I would use if I only want the first five results returned:
    SELECT AUTHORIZATION_NAME,NETSERVER_DISABLED
      FROM QSYS2.USER_INFO_BASIC
     LIMIT 5
Those five results are:
    AUTHORIZATION_NAME  NETSERVER_DISABLED
    ------------------  ------------------
    A*********          NO
    B*********          NO
    C*********          NO
    D*********          NO
    E*********          NO
If I was looking for profiles with their Netserver disabled I would use the following:
    SELECT AUTHORIZATION_NAME,NETSERVER_DISABLED
      FROM QSYS2.USER_INFO_BASIC
     WHERE NETSERVER_DISABLED = 'YES'
The results would look like:
    AUTHORIZATION_NAME  NETSERVER_DISABLED
    ------------------  ------------------
    S*********          YES
What if I wanted to re-enable the Netserver for everyone where it is disabled? Fortunately I can use the QCMDEXC scalar function to call the CL program I wrote in my earlier post here.
My statement would look like:
    01  SELECT AUTHORIZATION_NAME,NETSERVER_DISABLED,
    02         QSYS2.QCMDEXC('CALL MYLIB/RESNETPWD PARM(' ||
    03                        AUTHORIZATION_NAME || ')')
    04    FROM QSYS2.USER_INFO_BASIC
    05   WHERE NETSERVER_DISABLED = 'YES'
Line 1: The user profile column and the column that shows whether the Netserver is disabled.
Lines 2 and 3: The third column is the QCMDEXC scalar function. I am using it to call the program RESNETPWD, which needs to be passed the user profile. I am concatenating the user profile into the parameter of the Call command.
Line 5: Only the profiles where the Netserver is disabled are selected, so the program is only called for them.
When executed the results would be:
    AUTHORIZATION_NAME  NETSERVER_DISABLED  00003
    ------------------  ------------------  -----
    S*********          YES                     1
The third column is the value returned by the QCMDEXC scalar function, confirming that the command passed to it executed without error.
That profile's Netserver is now enabled:
    SELECT AUTHORIZATION_NAME,NETSERVER_DISABLED
      FROM QSYS2.USER_INFO_BASIC
     WHERE AUTHORIZATION_NAME = 'S*********' ;

    AUTHORIZATION_NAME  NETSERVER_DISABLED
    ------------------  ------------------
    S*********          NO
Job done and successful.
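A more guarded version of the bulk re-enable, added here as an example and not part of the original post: it leaves alone profiles whose STATUS is not *ENABLED, skips profile names starting with Q (the IBM-supplied naming convention), shows the invalid sign-on count for review, and turns the QCMDEXC return value into readable text. It assumes the MYLIB/RESNETPWD program from the statement above and that STATUS and SIGN_ON_ATTEMPTS_NOT_VALID are available in USER_INFO_BASIC on your release; CANDIDATES and CALL_RESULT are names chosen for this example.

```sql
-- Added example, not the original author's code.
-- Assumes MYLIB/RESNETPWD takes the user profile name as its only
-- parameter, as in the statement shown in the post.
WITH CANDIDATES AS (
  SELECT AUTHORIZATION_NAME,
         STATUS,
         SIGN_ON_ATTEMPTS_NOT_VALID
    FROM QSYS2.USER_INFO_BASIC
   WHERE NETSERVER_DISABLED = 'YES'
     -- A profile that is itself disabled should stay locked out of
     -- the Netserver until someone has reviewed it.
     AND STATUS = '*ENABLED'
     -- Skip IBM-supplied profiles (assumption: names starting with Q).
     AND AUTHORIZATION_NAME NOT LIKE 'Q%'
)
SELECT AUTHORIZATION_NAME,
       SIGN_ON_ATTEMPTS_NOT_VALID,
       -- The QCMDEXC scalar function returns 1 when the command ran
       -- without error and -1 when it failed.
       CASE QSYS2.QCMDEXC('CALL MYLIB/RESNETPWD PARM(' ||
                          AUTHORIZATION_NAME || ')')
         WHEN 1 THEN 'RE-ENABLED'
         ELSE 'FAILED'
       END AS CALL_RESULT
  FROM CANDIDATES ;
```

Running only the CANDIDATES select first shows which profiles would be touched before any of them is changed.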
This article was written for IBM i 7.5, and should work for some earlier releases too.
Thanks Simon, I can confirm it's working on V7R3 with latest PTF (we use it in a Nagios4i probe).
This is awesome. Thank you Simon. What I'm curious to know is, who in my company is re-enabling the disabled users and how they are doing it. I haven't been resetting users but I know there are users being disabled and re-enabled.
It sounds to me like there are two scenarios:
1. Someone is manually doing this.
2. There is a job that is run to do this.
3. User profile changes are being replicated from one partition to another.
Also, disabled users are automatically re-enabled at Netserver restart.