Manage Learn to apply best practices and optimize your operations.

Set up the most relevant parameters

We have a profile that we don't want to be used for sign on, but batch jobs need to be able to run using the profile. Should we disable the profile, or change the initial program to *signoff? What is the difference between the two options?

Assuming the batch-only user profile is called OurBatchPrf, the easiest way to set up the most relevant parameters is probably like:


Other parameters will depend on your environment, but these match what you need. Since the user profile will only be used for batch jobs, there should never be a need for an interactive signon. Therefore, there should be no password. And as long as there is no signon, there's no need for an initial program nor an initial menu; might as well make the values reflect the need.

It is possible to use a *DISABLED user profile for various batch processing functions. However, there are pitfalls related to various security APIs and system messages that make PASSWORD(*NONE) cleaner and much more predictable, not to mention the possible support issues with IBM. I would only use a *DISABLED profile for very specific purposes where I knew the precise behavior that would result. I certainly can't recommend it.


The Best Web Links: Tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Read this Search400 Featured Topic: Secure your iSeries

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.