Last active
October 26, 2021 19:43
-
-
Save forstie/676cb5e0c8dff9d8ea5822e1ae08a69e to your computer and use it in GitHub Desktop.
The request was, is there an SQL alternative to the command ANZDFTPWD ACTION(*NONE)? The answer was a resounding YES.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- | |
| -- Subject: SQL alternatives to Analyze Default Passwords (ANZDFTPWD) ACTION(*NONE) | |
| -- Author: Scott Forstie | |
| -- Date : October 26, 2021 | |
| -- Features Used : This Gist uses user_info_basic, grouping, and SYSTOOLS.CHANGE_USER_PROFILE | |
| -- | |
| -- Function - The request was, is there an SQL alternative to the command ANZDFTPWD ACTION(*NONE) ? | |
| -- | |
| -- | |
| stop; | |
| -- | |
| -- | |
| -- ============================================================================== | |
| -- | |
| -- User_info_basic | |
| -- Doc: https://www.ibm.com/docs/en/i/7.4?topic=services-user-info-basic-view | |
| -- | |
| -- Please note in the documentation it states: | |
| -- To see a non-null value for the USER_DEFAULT_PASSWORD column, the caller must have *ALLOBJ and *SECADM authority. | |
| -- | |
| -- Total number of user profiles where the user profile name matches the password | |
| -- ============================================================================== | |
| -- | |
| select count(*) as default_password_count | |
| from qsys2.user_info_basic | |
| where USER_DEFAULT_PASSWORD = 'YES'; | |
| stop; | |
| -- | |
| -- Review the count, grouped by the status of the user profile | |
| -- ============================================================================== | |
| -- | |
| select status, count(*) as default_password_count | |
| from qsys2.user_info_basic | |
| where USER_DEFAULT_PASSWORD = 'YES' | |
| group by status | |
| order by 1; | |
| stop; | |
| -- | |
| -- ============================================================================== | |
| -- CHANGE_USER_PROFILE table function | |
| -- https://www.ibm.com/docs/en/i/7.4?topic=services-change-user-profile-table-function | |
| -- | |
| -- If you want to use SQL for more than just reporting, consider this option. | |
| -- If you change PREVIEW => 'YES' to PREVIEW => 'NO' and those CHGUSRPRF commands will be executed | |
| -- | |
| -- Note: USER_INFO is used here because we need the USER_CREATOR column to have a value | |
| -- | |
| -- ============================================================================== | |
| select cp.* from QSYS2.USER_INFO, | |
| table ( | |
| SYSTOOLS.CHANGE_USER_PROFILE( | |
| P_USER_NAME => AUTHORIZATION_NAME, P_STATUS => '*DISABLED', PREVIEW => 'YES' | |
| ) | |
| ) cp | |
| where STATUS = '*ENABLED' and | |
| user_creator <> '*IBM' and | |
| USER_DEFAULT_PASSWORD = 'YES'; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment