The best time to test a user profile, is when you initially create it. If, however, you have never tested your user profiles, you may want to tackle a project to get the profiles on your system tested on a periodic basis to make sure that they conform to your security objectives.
Set the profile password to a temporary code set the PWDEXP parameter for the profile to *YES. This will allow a single signon with the temporary password and then prompt for a new password during signon. When you signon to test the profile, you can then change the password to the user's final password or to another temporary code. If you assign a new temporary code then set the PWDEXP back to *YES when you're done testing.
Check the special QEZJOBLOG output queue if login fails
Upon successful login, run a checklist like this:
- Is the right menu displayed?
- Does the user have access to the command line? If yes, should they?
- If an initial program was called for, did it execute correctly?
- What happens when you press the Attention key function? Is it what you want the user to see?
- Where is printed output going for the session? Is this where you wanted it to go?
- What happens when you attempt to run the application or applications that this user should be using?
- Are there any system tasks that the user should be able to run? Can they?
- Are there specific functions that the user should be barred from? Can you access them?
- Can the user access their printed output spool file? Do they have access to view other user's spool files? Should they?
- Check the user's desktop environment for remote access tools. Using the user profile, can the user access data on your system that they are not authorized for?