Admin Alert: More On Porting User Profiles Between IBM i Partitions
August 13, 2014 Joe Hertvik
After receiving reader email about my recent tip on how to port IBM i user profiles from one partition to another, I found there were two items that deserved more explanation and correction: 1) Restoring user profiles for multiple users; and 2) related parameters and objects that a restored profile needs. Here are some corrections and additional information that fill in the gaps that were missing from my previous article.
Correcting How To Use RSTAUT For Multiple Restored User Profiles
Reader David Miller asked me to clarify what I meant when I said the following about restoring private authorities for restored user profiles by using the Restore Authority (RSTAUT) command.
Unlike the RSTUSRPRF command, RSTAUT will only restore authorities for one user at a time, meaning you’ll have to run one RSTAUT command for each profile you’re restoring. You can’t restore authorities for multiple user profiles or wildcard profile names.
My mistake was in saying that you aren’t able to run one RSTAUT command to restore all private authorities for multiple users that were ported from one partition to another.
I was wrong. You can do it.
After looking at the command again, I realized that you can restore private authorities for all the users you ported between machines with one RSTAUT command.
Here’s how to do it.
David Miller pointed out that he has used RSTAUT in this capacity several times and that when he runs RSTAUT with no parameters, it restores all user profile authority with one brush stroke.
When you run RSTAUT with no parameters, your IBM i system actually runs the following command.
According to IBM‘s RSTAUT documentation, running the command with the user profile parameter equal to *ALL will restore private authorities for “all of the user profiles that are restored but do not have their private authorities restored. This includes user profiles that were restored using multiple previous Restore User Profile (RSTUSRPRF) commands.”
Correcting my previous statement, this means you can do the following when moving multiple user profiles from one partition to another.
In addition, RSTAUT offers two more features for restoring private authorities for multiple user profiles. You can restore authorities for a specific list of restored user profiles by running RSTAUT this way.
RSTAUT USRPRF(USER1 USER2 USER3 etc)
Where user1, user2, user3 would be equal to exact user names.
Using this syntax, you can specify an exact list of users to restore private authorities for. And RSTAUT will only restore private authorities for the users who are specifically listed in this command.
You can also specify wildcard characters when restoring private authorities. Simply run RSTAUT using this syntax.
This command will restore private authorities for any user profile that starts with the wildcard string ending in an ‘*”. For this command, RSTAUT would restore private authorities for any user profile name that starts with the string USER.
My apologies for this mistake in my original article. You can restore private authorities for multiple user profiles using just one command, as I learned this week from David Miller.
What A Restored User Profile Needs
Another reader checked in asking what I was referring to as the last step in restoring a user profile to a new system: checking referenced parameters inside a restored profile to see if the profile refers to any objects that aren’t present on the new system. He asked for further explanation as to what I meant when I referred to “parameters inside a restored user profile.”
All user profiles have a number of parameters that refer to other objects on the partition. These referenced objects may or may not be present on your target machine when you restore a user profile.
Because of this, you should use the Change User Profile (CHGUSRPRF) command or the IBM i Access for Windowsâ€™ System i Navigator program (OpsNav) to double-check that the following user profile parameters in your restored profiles are present on your target machine. A restored user profile may have trouble signing on if it references a parameter that doesnâ€™t exist on your target partition.
For restored profiles, check these user profile parameters to make sure they reference valid IBM i objects on your target system.
If you’re restoring a profile for your DR system, this may not be an issue as all of these referenced parameters may already be present on both the DR box (target) and on the source box. But if you’re porting a profile that has never been present on the target system, you may need to recreate one or more of these objects that the restored profile is pointing to or change the user profile to point to another object that is present on your system.
Generally, you should review any restored user profiles and check all parameters that reference a library to see if those values are still valid.
Why Not Use A Third-Party Package For Porting Users?
One vendor wrote in asking why I didn’t discuss using a third-party package for porting profiles between partitions. He stated that his product and several competitors’ products allow you to easily move profiles between partitions and provide additional capabilities. The question was why I didn’t bring up those products.
While I like and use several third-party products, I only occasionally mention and advocate their use in my Four Hundred Guru columns. The Admin Alert column and my Four Hundred Guru tips provide techniques that can be used by all IBM i administrators. I’m writing admin tips for everyone using only the common tools that IBM provides: the commands, APIs, and configurations included with the IBM i operating system along with some free utilities IBM provides. This creates a do-it-yourself (DIY) focus for Admin Alert that spotlights native solutions and mostly precludes the use of third-party packages.
While I love and use several third-party packages myself, this column will continue to mainly focus on DIY solutions that are accessible to all IBM i shops. As appropriate, I’ll mention third-party packages for particular solutions but overall, most solutions are do-it-yourself affairs that all IBM i administrators can use.
Joe Hertvik is an IBM i subject matter expert (SME) and the owner of Hertvik Business Services, a content strategy company that provides white papers, case studies, blogging, and social media services for B2B software companies. Joe also runs a data center and help desk for several companies. Joe has written the Admin Alert column since 2002.