How do I generate real-time alerts for changes to specific user profiles?
How can I receive notification when a specific user profile is changed?
Profile and Password Management (PPM) 7.5
Profile and Password Management (PPM) 8.0
NetIQ Security Solutions for iSeries 8.0
VigilEnt Security Agent for iSeries 7.5
To maintain the integrity and security of your operational environment, you should monitor and receive immediate notification of changes to specific user profiles, especially powerful profiles and communications profiles. To generate real-time alerts for changes to specific user profiles, you must use the attached source code to create a program that will generate the desired alert.
Program ZPCLAPICHG will generate a notification to QHST similar to the following, when a user profile is changed:
User profile Q123456789 was CHANGED in job 224455/QSECOFR/QPADEV0000.
The alerts that are sent to QHST will be picked up by PSDetect and can be managed through the PSDetect alert queue QHST.
Use the following steps to implement this program:
- Save the fileÂ https://download.netiq.com/kb/files/ZPCLAPICHG.txtÂ to the root of your PC?s local (C) drive.
- Copy the file from the PC to the iSeries using FTP:
- Open a new DOS or command window.
- Type the following command substituting the name of the iSeries server for [system name].Â The iSeries IP (internet address) can be used instead of the system name.
- Type a user ID at the FTP prompt, and press Enter.
- Type the password at the FTP prompt, and press Enter.
- Type the following FTP commands, pressing Enter after each:
put c:\ZPCLAPICHG.txtÂ QGPL/QCLSRC.ZPCLAPICHG
- OnÂ an iSeries command line, type
CALL QCMD,Â press Enter, andÂ then run the following commands:
CRTCLPGM QGPL/ZPCLAPICHG QGPL/QCLSRC TEXT('React to action on user profile') REPLACE(*YES) ALWRTVSRC(*NO) AUT(*EXCLUDE)
CHGPGM QGPL/ZPCLAPICHG USRPRF(*OWNER) USEADPAUT(*YES) RMVOBS(*ALL)
CHGOBJOWN QGPL/ZPCLAPICHG *PGM NEWOWN(PSOBJOWN)
GRTOBJAUTÂ OBJ(QGPL/ZPCLAPICHG) OBJTYPE(*PGM) REFOBJ(PSSECURE/ZPCL47)
CRTDTAARA DTAARA(PSSECURE/ZPCHGP0100) TYPE(*CHAR) LEN(10) VALUE('ZPCLAPICHG') TEXT('Called from QIBM_QSY_CHG_PROFILE/CHGP0100') AUT(*EXCLUDE)
CHGOBJOWNÂ OBJ(PSSECURE/ZPCHGP0100) OBJTYPE(*DTAARA) NEWOWN(PSOBJOWN)
GRTOBJAUTÂ OBJ(PSSECURE/ZPCHGP0100) OBJTYPE(*DTAARA) REFOBJ(PSSECURE/ZPDA01)
ADDMSGD MSGID(ZPW0501) MSGF(PSSECURE/ZPMSGS) MSG('User profile &1 was &2 in job &5/&4/&3 on system XXXXXXXX.')Â FMT((*CHAR 10) (*CHAR 10) (*CHAR 10) (*CHAR 10) (*CHAR 6))
CRTDUPOBJ ZPPF08 PSSECURE *FILE QGPL USRPRFALT DATA(*NO)
CHGOBJOWN QGPL/USRPRFALT *FILE NEWOWN(PSOBJOWN)
GRTOBJAUT QGPL/USRPRFALT *FILE REFOBJ(PSSECURE/ZPPF08)
- Use the following commands to load the file with the specific user profiles to monitor. Repeat the PSRUNSQL command for each user profile to monitor, substituting UUUUUUUUUU with each user profile name:
PSRUNSQL REQUEST('insert into QGPL/USRPRFALT (XUSER) VALUES(''UUUUUUUUUU'')')
- Configure PPM Profile and Password Synchronization even though it will not actually be used for synchronization. It is necessary for the configuration objects and installs user profile exit programs. To configure PPM Profile and Password Synchronization, from PSMENU, select options 2, 2, 2, and 8.
- If you are not currently using PPM Profile and Password Synchronization to propagate profiles and passwords, disable synchronization globally. To disable synchronization, from PSMENU, select options 2, 2, 2, and 4. On the Profile Synchronizer Defaults screen, change the first four fields to
- Add user profile exit programs. To add user profile exit programs, from PSMENU, select options 2, 2, 2, and 10.
I>Configure PSDetect to get alerts from QHST and perform specified actions by performing the following steps:
- From PSDetect menu, select option 3 (Work With Alert Filters) and press Enter.
- Select the Alert Queue QHST with option 5 (=Work with Filters) and press Enter.
- Press F6 (Create) to add a new filter.
- Specify the filter sequence and filter description (?user profile changes?) and press Enter.
- Specify Message ID ZPW0501, Message file ZPMSGS, and Library PSSECURE and press Enter twice.
- Press F4 to view list of available actions.
- Select the desired action using option 1, press Enter, and complete the alert configuration.