Does the User Profile running the UPM (User Profile Management) job need SECOFR authority? (NETIQKB30876)

  • Document ID:7730876
  • Creation Date:02-Feb-2007
  • Modified Date:18-May-2007
    • Micro Focus Products:
      Security Solutions for iSeries

Resolution

goal
Does the User Profile running the UPM (User Profile Management) job need SECOFR authority?

fact
VigilEnt Security Agent for AS/400 PSSecure 6.2

fact
VigilEnt Security Agent for AS/400 PSSecure 6.3

fact
VigilEnt Security Agent for iSeries PSSecure 7.0

fact
Profile and Password Management (PPM)

fact
User Profile Management (UPM)

fix

It is not necessary for the User Profile running the UPM job in Profile and Password Management (PPM) to have SECOFR authority. The only requirement is for the User Profile to be authorized to PSSecure and have an AS/400 Directory Entry.

To verify if a user profile is authorized to the VigilEnt iSeries product, complete the following:

  1. From the Product Access menu, select Option 70 Utilities menu.

  2. Select Option 12 Display PSSecure Authorized Users.

  3. If a user is authorized to the PSSecure product, he or she will be listed with *CHANGE authority.


To authorize someone to the PSSecure product, complete the following:

  1. Sign on to the OS/400 with the QSECOFR user profile.

  2. From the Product Access menu, select Option 70 Utilities menu.

  3. Select Option 1 Authorize users to products.

  4. In the User field, indicate the user you want to authorize to the product.

  5. In the Product field, indicate PSSecure.

  6. In the Authority field, indicate *GRANT.

  7. In the Authority Administrator field, indicate *No, unless you wish the user to be able to authorize other profiles to the product. In which case, indicate *Yes.

  8. Press Enter and a quick batch job will run.


To verify if a user has a Directory Entry on the AS/400, complete the following:

  1. On a command line, type WRKDIRE and press Enter.

  2. Look for the user profile that is trying to run the UPM job.


To add a Directory Entry for a user profile, complete the following:

  1. On a command line, type WRKDIRE and press Enter.

  2. Put 1=Add in the Opt field.

  3. In the User ID field, indicate the user profile.

  4. In the Address field, indicate the name of the system that you are creating the directory entry for.

  5. Press Enter.


Additional Information

Formerly known as NETIQKB30876