Admin Alert: Copying User Profiles Between Systems
August 22, 2012 Joe Hertvik
There are times when IBM i administrators may need to copy a user profile from one IBM i system to another, especially when promoting software from a development to a production system. This week, I’ll illustrate three different techniques for copying profiles between systems and talk about their strengths and weaknesses.
Three Ways To Copy User Profiles Between Systems
There are three different ways that I know of to copy a user profile between IBM i operating systems. These techniques are ranked here in terms of the most difficult way to the easiest way to copy a user profile.
All of these techniques have a common flaw that you have to adjust for after the new profile is created. I’ll tell you about that later.
Here’s the drill for using each technique. I’m partial to using the System i Navigator (OpsNav) technique because it’s so easy. However, it’s good to know about the other two techniques in case you have a problem using OpsNav copy and paste.
Manually Recreate The User Profile (Most Difficult)
The most difficult technique is to use the Create User Profile (CRTUSRPRF) command to manually recreate the duplicate user profile on your target machine. The key here lies in knowing all the correct parameters to apply to your new profile. To do that, obtain a printout of the user profile from your source machine by running the following Display User Profile (DSPUSRPRF) command.
DSPUSRPRF USRPRF(user_name) TYPE(*ALL) OUTPUT(*PRINT)
This command lists all the parameters associated with that user profile. From there, it’s a simple but tedious matter to manually recreate the user profile by using CRTUSRPRF and pressing the F4 key to prompt for all the parameters. You simply fill in all the parameters, press the ENTER key and you’ll have your duplicate user profile.
(Click graphic to enlarge.)
The biggest problem with using CRTUSRPRF for copying profiles is that because it’s a manual process, you’re more likely to make an error with it than you are with the other two techniques. But it works for what you’re trying to accomplish.
Save And Restore The User Profile From One Box To Another (Moderately Difficulty)
The second technique is to copy the user profile by: 1) saving the security data on the source system using the Save Security Data (SAVSECDTA) command; and 2) restoring the individual user profile to the target system by using the Restore User Profile (RSTUSRPRF) command. Here’s how this technique works.
First, use the SAVSECDTA command to save the following security data for your system.
A security data save is included when you perform a full system backup (GO SAVE, option 21). So if you have recent full system backup media for your source box that includes the user profile to be copied, you’re in business. If not, you can easily use SAVSECDTA to save all your security data (including user profiles) to a save file by running this command.
SAVSECDTA DEV(*SAVF) SAVF(save file library name/save file name)
Where save file library and save file name are the library location and name of your save file.
If you want to save your security data to media, run a SAVSECDTA command that looks like this:
SAVSECDTA DEV(media name)
Where media name equals the name of your backup device.
The nice thing about SAVSECDTA is that you can run it anytime. You don’t need to be in restricted state. So you can save the security data while the system is running, right before you’re ready to restore it to the target machine.
Once the source system security data is saved, load your save media for use on the target system. For save files, you can move the file to the remote system via FTP or movable media. For saves to media, load the save media onto the target system.
From there, it’s a simple matter to copy the user profile to your target system, Use this Restore User Profile command if you’re restoring the user profile from a save file.
RSTUSRPRF DEV(*SAVF) USRPRF(user profile name) SAVF(save file library name/save file name)
Where user profile name is the name of the user profile you want to copy from your source system.
If you’re restoring from media, use this RSTUSRPRF command.
RSTUSRPRF DEV(device name) USRPRF(user profile name)
Where device name equals the IBM i operating system name of the media device.
Both RSTUSRPRF commands will copy (restore) the user profile to the target machine.
The only drawback with this technique is that you may need to adjust the object authorities on the restored user profile, in order for anyone to sign on with the profile. For this article, I restored a test user to an i 6.1.1 machine. After restoration, I was unable to sign on with that user because *PUBLIC authority to that restored user profile was set to *EXCLUDE (no one can use it) after the restore. I had to use the Edit Object Authority (EDTOBJAUT) command and change the restored user’s authorities to give them operational, management, and reference authorities, before the user was able to sign on.
So be aware of that one modification you may have to make for using this technique.
Using System i Navigator To Copy User Profiles (Easiest)
I’ve found the easiest way by far is to use System i Navigator (OpsNav) to copy user profiles between systems. Here’s what to do to copy a user profile between systems using OpsNav.
1. Go into OpsNav and open the Users and Groups→All Users node under your source system. Right-click on the user profile (highlight) you want to copy and do one of the following: Select Copy off the pop-up menu that appears; or Select Edit→Copy from the System i Navigator menu bar.
This will copy the user profile to the Windows clipboard.
(Click graphic to enlarge.)
2. Open the Users and Groups→All Users node for your target system in OpsNav. Click on the All Users node in the left-hand pane of OpsNav and select Edit→Paste from the menu bar. This will bring up the following New User panel for your target system.
(Click graphic to enlarge.)
Fill in whatever other parameters you need for this user. Then click on the Add button to add the user to your target system. System i Navigator will check the user profile for errors such as belonging to a group that doesn’t exist on the target system, and it will flash up a warning screen if there’s a problem. If needed, correct any errors flagged by OpsNav and press Add again.
This will add the copied user to the target system.
See. I told you the OpsNav solution was the easiest.
The Common Problem With All Three Solutions
While the OpsNav copy-and-paste technique will do error-checking to ensure the profile can function in your target system, you may still need to edit your newly copied profiles to insure they are set up correctly for your target system. In particular, double-check to make sure the following settings (parameters) in the copied user profile exist on the target system. The copied profile may be dependent on these parameters and the user may not be able to sign on if these referenced items are not present on the target machine.
While OpsNav copy-and-paste does a better job editing for these errors than the other techniques, invalid values for the target system may slip through when using all three methods. In my experience, these are the most common items to adjust or add with copied profiles and may need to be adjusted for the user to work.
Follow Me On My Blog, On Twitter, And On LinkedIn
Check out my blog at joehertvik.com, where I focus on computer administration and news (especially IBM i); vendor, marketing, and tech writing news and materials; and whatever else he come across.
Joe Hertvik is the owner of Hertvik Business Services, a service company that provides written marketing content and presentation services for the computer industry, including white papers, case studies, and other marketing material. Email Joe for a free quote for any upcoming projects. He also runs a data center for two companies outside Chicago. Joe is a contributing editor for IT Jungle and has written the Admin Alert column since 2002.