Skip to content

Instantly share code, notes, and snippets.

@forstie
Created November 16, 2019 17:08
Show Gist options
  • Save forstie/a47869f799aed5f7d552c7dc45489821 to your computer and use it in GitHub Desktop.
Save forstie/a47869f799aed5f7d552c7dc45489821 to your computer and use it in GitHub Desktop.
Security implementations can and should be monitored closely and on a regular cadence. This is one example where SQL can be used instead of the Analyze Default Passwords (ANZDFTPWD) command.
--
-- Note, this example might take a while to run because its doing an exhaustive evaluation of which
-- users have *ALLOBJ special authority, either directly in their profile or indirectly via
-- group profile membership.
--
-- Next, those "super" users are evaluated to determine which (if any) of them have their password
-- set to match their user profile. (aka using a default password)
--
-- If this returns zero rows... good!
--
--
-- *ALLOBJ users that have a default password (yikes!)
--
select authorization_name, status
from qsys2.user_info u
where user_default_password = 'YES' and
(special_authorities like '%*ALLOBJ%'
or authorization_name in (select user_profile_name
from qsys2.group_profile_entries
where group_profile_name in (select authorization_name
from qsys2.user_info
where special_authorities like '%*ALLOBJ%')))
order by authorization_name;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment