Environment
NetIQ Security Solutions for iSeries 8.0
VigilEnt Security Agent for iSeries 7.5
PSSecure
Remote Request Management (RRM)
Situation
Is there a way to clean up old user profiles from RRM?
Resolution
The Delete User NW0080B API removes user profiles from RRM in the following tables/menu options (Menu options begin with PSMENU):
- Groups and members (2,3,3,1)
- Secured Entries (2,3,1)
- Object authorities (2,3,4)
- Networks, Users, Functions, Groups (2,3,3,2)
- User/Server Overrides (2,3,6)
- User Object Action (Overrides) (2,3,7)
The API allows you to delete user profiles from RRM. The required parameters are as follows (Parameter is User Profile - 10 Characters):
- CALL PGM(PSCOMMON/NW0080B) PARM('usrprf ')
OR
-
CALL PGM(PSCOMMON/NW0080B) PARM('*ALL ')
*NOTE the value in the PARM must be 10 characters long, including spaces.
If a specific user id is specified, that ID will be deleted from the RRM files (all environments). No check is made to see if the specified user id has a corresponding *USRPRF object.
If *ALL is specified for the user id, all RRM user entries are selected and checked for corresponding *USRPRF objects. If *USRPRF object does not exist, the user id is removed from the secured entries table and all associated tables (groups, overrides, remote object authorities).
When complete, the deleted users will be gone from all environments. User profile objects (*USRPRF) are not deleted, only the RRM user profiles and their related RRM entries.
Neither Collected Entries nor RRM journal entries are affected. Auditing of the changes is done through existing trigger programs on the files.