Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Security implementations can and should be monitored closely and on a regular cadence. This is one example where SQL can be used instead of the Analyze Default Passwords (ANZDFTPWD) command.
-- Note, this example might take a while to run because its doing an exhaustive evaluation of which
-- users have *ALLOBJ special authority, either directly in their profile or indirectly via
-- group profile membership.
-- Next, those "super" users are evaluated to determine which (if any) of them have their password
-- set to match their user profile. (aka using a default password)
-- If this returns zero rows... good!
-- *ALLOBJ users that have a default password (yikes!)
select authorization_name, status
from qsys2.user_info u
where user_default_password = 'YES' and
(special_authorities like '%*ALLOBJ%'
or authorization_name in (select user_profile_name
from qsys2.group_profile_entries
where group_profile_name in (select authorization_name
from qsys2.user_info
where special_authorities like '%*ALLOBJ%')))
order by authorization_name;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.