Unable to find some profile change transactions in the 'Changes to User Profiles' report. (NETIQKB31333)

  • 7731333
  • 02-Feb-2007
  • 08-Oct-2007

Resolution

fact
VigilEnt Security Agent for iSeries 5.4/7.0

fact
VigilEnt Security Agent for AS/400 5.3/6.3

symptom
Unable to find some profile change transactions in the 'Changes to User Profiles' report.

symptom
User profiles were changed without explanation.

cause
Changing to a Security Level 30 from a lower level may yield such results.

fix

VigilEnt Security Agent for iSeries does not automatically change any user profile after an initial program load (IPL). When your system is changed to a Security Level 30 from a Lower Level, the system can change some user profiles after the next IPL. IBM does not write these changes to the auditing journal during this process; therefore, reports such as 'Changes to User Profiles' cannot return data regarding the changes made. For additional information about changing to Security Level 30 from a Lower Level, access the following link provided by IBM. 

www-1.ibm.com/support/docview.wss?uid=nas1724910b6fa21ef41862565c2007d3043&rs=110

note
Special authorities are added to and removed from user profiles to match the default special authorities for the user class. For example, *ALLOBJ special authority is removed from all user profiles except those with a user class of *SECOFR.



note
In addition to the security provided at Level 20, Level 30 provides the following security functions: 
  • Users must be specifically given authority to use resources on the system.
  • Only user profiles created with the *SECOFR security class are given *ALLOBJ special authority automatically.


Additional Information

Formerly known as NETIQKB31333

Feedback service temporarily unavailable. For content questions or problems, please contact Support.