I would keep the id in place & make it the "Application" owner. Change the user profile so it can't log in. ie. initial program to signoff etc. Change the password, if it is not hard coded somewhere for FTP etc.

You can always change apps piece by piece.

If you don't have an FTP exit point set yet. Get it & use it to log FTP traffic to see if & where this id is being used.

Vincent

On 10/20/14, Jim Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx> wrote:
There was an earlier suggestion about simply changing the exiting owner
profile to be the new owner without the reference to the user etc. (Sorry I
can't remember who suggested it)

I think in the case cited here, that is by far and away the best move. At
the very least it would be my choice.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] <midrange-l-bounces@xxxxxxxxxxxx]> On Behalf Of
Vernon Hamberg
Sent: Monday, October 20, 2014 12:17 PM
To: Midrange Systems Technical Discussion
Subject: Re: Delete powerful profile that owns everything

Good point about IFS - no adopting authority over IFS objects.

I believe one doesn't have to go whole-hog on swapping profiles - there is a
change with less impact - changing the UID or GID of the user.

There are a couple APIs for those changes, and someone will have to confirm
this - it's been too long since I looked at this.

Vern

On 10/20/2014 11:45 AM, rob@xxxxxxxxx wrote:
Adopting authority is easy. Just look for objects by owner that
DSPPGM shows User profile *OWNER. Now, if you're concerned whether or
not the programs have used recently that will take a little more
looking into. But not much.

Swapping profiles is different than adopting authority. A little more
work to do but adopting authority is a joke when it comes to the
stream file system (aka IFS to those who don't believe that qsys.lib
is part of the IFS).


Rob Berendt

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.