CHGUSRPRF

CHGUSRPRF (Change User Profile)

CHGUSRPRF Command syntax diagram

Purpose

The Change User Profile (CHGUSRPRF) command changes the values specified in a user profile.
The password validation rules are not verified by the system when a password is changed by this command. A description of the password validation rules is in the iSeries Security Reference book.

Restrictions

You must have *SECADM special authority, and *OBJMGT and *USE authorities to the user profile being changed, can specify this command.

*USE authority to the current library, program, menu, job description, message queue, print device, output queue, or ATTN key handling program is required to specify these parameters.

Required Parameters

USRPRF

Specifies the name of the user profile whose values are being changed. A numeric user profile can be specified. If the user profile is numeric, then it must begin with a Q.
The following IBM-supplied objects are not valid on this parameter:

QAUTPROF QDSNX QPEX QYPSJSVR QCOLSRV QFNC QPM400 QDBSHR QGATE QSNADS QDBSHRDO QIPP QSPL QDFTOWN QLPAUTO QSPLJOB QDIRSRV QLPINSTALL QSYS QDLFM QMSF QTCP QDOC QNTP QTSTRQS

Optional Parameters

PASSWORD

Specifies the password that allows the user to sign on the system. The password is associated with a user profile and is used by the system to represent the user in the system. The passwords should be known only to the individual user. A numeric password can be specified. When the system is operating at password level 0 or 1 and the password is numeric, then the password must begin with a Q, for example, Q1234 where 1234 is the password used for signing on the system.

Note: The password level is controlled by the Password Level (QPWDLVL) system value.

Note: The new password is not checked against the password validation rules. The password validation rules are defined by OS/400 system values. For a description of the password validation rules, see the iSeries Security Reference
book.

*SAME: The value does not change.
*NONE: No password is associated with this user profile. Users cannot sign on a system with a profile that has PASSWORD(*NONE) specified.
'user-password': When the system is operating at password level 0 or 1, specify an alphanumeric character string of 10 characters or less. The first character must be alphabetic and the other characters must be alphanumeric.
When the system is operating at password level 2 or 3, specify a character string of 128 characters or less.

SPCAUT

Specifies the special authorities given to a user. Special authorities are required to perform certain functions on the system. Special authorities cannot be removed from many of system supplied user profiles including QSECOFR and QSYS.

Restrictions

The user profile creating or changing another user profile must have all of the special authorities being given. All special authorities are needed to grant all special authorities to another user profile.

A user must have *ALLOBJ and *SECADM special authorities to grant a user *SECADM special authority when using the CHGUSRPRF command.

The user must have *ALLOBJ, *SECADM, and *AUDIT special authorities to grant a user *AUDIT special authority when using the CHGUSRPRF command.

Specify one of the following values:
*SAME: The value does not change.
*USRCLS: Special authorities are given to the user based on the value entered in the USRCLS parameter.
*NONE: No special authority is given to the user.
Or specify one or more of the following:
*SAVSYS: Save system authority is given to the user profile. This user has the authority to save, restore, and free storage for all objects on the system, with or without object management authority.
*IOSYSCFG: Input/output (I/O) system configuration authority is granted to the user. The user has authority to change system I/O configurations.
*JOBCTL: Job control authority is given to the user. The user has authority to change, display, hold, release, cancel, and clear all jobs that are running on the system or that are on a job queue or output queue that has OPRCTL (*YES) specified. The user also has the authority to start writers and to stop active subsystems.
*ALLOBJ: All object authority is given to the user. The user can access any system resource with or without private user authorizations.
*SECADM: Security administrator authority is given to the user. The user can create, change, or delete user profiles if authorized to the Create User Profile, Change User Profile, or Delete User Profile commands and is authorized to the user profile. This right does not allow giving special authorities not in this user's profile.
*SERVICE: Service authority is given to the user. The user can perform service functions.
*SPLCTL: Spool control authority is given to the user. The user can perform all spool functions.
*AUDIT: Audit authority is granted to the user. This user is given the authority to perform auditing functions. Auditing functions include turning auditing on or off for the system and controlling the level of auditing on an object or user.

PWDEXP

Specifies that the user's password is set to expired. If the password is set to expired, the user is required to change the password to sign on the system. When the user attempts to sign on the system, the Sign-On Information display is shown and the user has the option to change the password.
*SAME: The value does not change.
*NO: The password is not set to expired.
*YES: The password is set to expired.

STATUS

Specifies whether the profile is in an enabled or disabled status.
*SAME: The value does not change.
*ENABLED: The profile is enabled.
*DISABLED: The profile is disabled.

USRCLS

Specifies the class of user associated with this user profile: security officer, security administrator, programmer, system operator, or user. User class determines which menu options are shown. The special authorities defined by the user class are used only if SPCAUT(*USRCLS) is specified. If SPCAUT(*USRCLS) is specified, the special authorities granted will differ depending on the QSECURITY value.
*SAME: The value does not change.
*SECOFR: At all levels of security, the security officer has the following special authorities:

*ALLOBJ

*SAVSYS

*JOBCTL

*SERVICE

*SPLCTL

*SECADM

*AUDIT

*IOSYSCFG

*SECADM: At QSECURITY level 10 or 20, the security administrator has *ALLOBJ, *SAVSYS, *SECADM, and *JOBCTL special authorities.
At QSECURITY level 30 or above, the user has *SECADM special authority.
*PGMR: At QSECURITY level 10 or 20, the programmer has *ALLOBJ, *SAVSYS, and *JOBCTL special authorities.
At QSECURITY level 30 or above, the user has no special authorities.
*SYSOPR: At QSECURITY level 10 or 20, the system operator has *ALLOBJ, *SAVSYS, and *JOBCTL special authorities.
At QSECURITY level 30 or above, the user has *SAVSYS and *JOBCTL special authorities.
*USER: At QSECURITY level 10 or 20, the user has *ALLOBJ and *SAVSYS authority.
At QSECURITY level 30 or above, the user has no special authorities.

ASTLVL

Specifies which user interface is used.
*SAME: The value does not change.
*SYSVAL: The system determines the graphic character set and code page values for the command parameters from the QCHRID system values.
*BASIC: The Operational Assistant* user interface is used.
*INTERMED: The system interface is used.
*ADVANCED: The expert system interface is used. To allow for more list entries, the options keys and the function keys are not displayed. If a command does not have an advanced (*ADVANCED) level, the intermediate (*INTERMED) level is used.

SPCENV

Specifies the special environment in which the user operates after signing on the system.
*SAME: The value does not change.
*SYSVAL: The system value, QSPCENV, is used to determine the system environment after the user signs on the system.
*NONE: The user operates in the iSeries 400 environment after signing on the system.
*S36: The user operates in the System/36 environment after signing on the system.

DSPSGNINF

Specifies whether the sign-on information display is shown when the user signs on the system. This allows users to see the sign-on information, such as date of last sign-on and sign-on attempts that were not valid. If the password is due to expire in 7 days or less, the number of days until the password expires is shown.
*SAME: The value does not change.
*SYSVAL: The system value QDSPSGNINF is used to determine whether the sign-on information display is shown when the user signs on the system.
*NO: The sign-on information display is not shown when the user signs on the system.
*YES: The sign-on information display is shown when the user signs on the system.

PWDEXPITV

Specifies the number of days (from the password changed date) before a password expires.
*SAME: The value does not change.
*SYSVAL: The system value QPWDEXPITV is used to determine the password expiration interval.
*NOMAX: There is no password expiration interval.
password-expiration-interval: Specify the number of days after which the password expires. Valid values range from 1 to 366.

LMTDEVSSN

Specifies whether the number of device sessions allowed for the user is limited to one. This does not limit the System Request menu or a second sign-on.
*SAME: The value does not change.
*SYSVAL: The system value QLMTDEVSSN is used to determine whether the user is limited to one device session.
*NO: The user is not limited to one device session.
*YES: The user is limited to one device session.

KBDBUF

Specifies the keyboard buffering value used when a job is initialized for this user profile. The new value takes effect the next time the user signs on. If the type-ahead feature is active, the keystrokes can be buffered. If the attention key buffering option is active, the attention key is buffered like any other key. If the attention key is not active, the attention key is not buffered and is sent to the system even if the display station is input inhibited. The keyboard buffer value can also be set by a user application using the QWSSETWS program. More information is in Application Program Interfaces (APIs) topic in the Information Center.
*SAME: The value does not change.
*SYSVAL: The system value, QKBDBUF, is used to determine the keyboard buffering value for this profile.
*NO: The type-ahead feature and attention key buffering option are not active for this user profile.
*TYPEAHEAD: The type-ahead feature is active for this user profile.
*YES: The type-ahead feature and attention key buffering option are active for this user profile.

MAXSTG

Specifies the maximum amount of auxiliary storage (kilobytes) assigned to store permanent objects owned by this user profile (1 kilobyte equals 1024 bytes). If the maximum is exceeded when an interactive user tries to create an object, an error message is displayed, and the object is not created. If the maximum is exceeded when an object is created in a batch job, an error message is sent to the job log (depending on the logging level of the job), and the object is not created.
Storage is allocated in 4K increments. Therefore, if you specify MAXSTG (9), the profile is allocated 12K of storage.
When planning maximum storage for user profiles, consider the following system actions:

A restore operation assigns the storage to the user doing the restore, and then transfers the object to the owner. For a large restore, specify MAXSTG(*NOMAX).

The user profile that creates a journal receiver is assigned the required storage as the receiver size grows. If new receivers are created using JRNRCV(*GEN), the storage continues to be assigned to the user profile that owns the active journal receiver. If a very active journal receiver is owned, specify MAXSTG(*NOMAX).

User profiles that transfer created objects to their group profile must have adequate storage in the user profiles to contain created objects before the objects are transferred to the group profile.

The owner of the library is assigned the storage for the descriptions of objects which are stored in a library, even when the objects are owned by another user profile. Examples of such objects are text and program references.

Storage is assigned to the user profile for temporary objects used while a job is running. Examples of such objects are commit control blocks, file editing space, and documents.

*SAME: The value does not change.
*NOMAX: As much storage as required is assigned to this profile.
maximum-K-bytes: Specify the maximum amount of storage (in kilobytes) that can be assigned to the user with this profile (1 kilobyte equals 1024 bytes). The maximum storage allowed can be less than the current maximum storage used for the user profile.

PTYLMT

Specifies the highest scheduling priority the user is allowed to have for each job submitted to the system. This value controls the job processing priority and output priority for any job running under this user profile; that is, values specified in the JOBPTY and OUTPTY parameters of any job command cannot exceed the PTYLMT value of the user profile under which the job is run. The scheduling priority can have a value ranging from 1 through 9, where 1 is the highest priority and 9 is the lowest priority. More information on this parameter is in Commonly used parameters.
*SAME: The value does not change.
priority-limit: Specify a value ranging from 1 to 9 for the highest scheduling priority allowed to the user.

CURLIB

Specifies the name of the library being used as the current library for jobs initiated by this user profile. If *PARTIAL or *YES is specified for the LMTCPB parameter in the user profile, the user cannot change the current library at sign-on or by using the Change Profile (CHGPRF) command.
*SAME: The value does not change.
*CRTDFT: This user has no current library. If objects are created and placed in the current library by using *CURLIB on a create command, the QGPL library is used as the default current library.
current-library-name: Specify the name of the library that is this user's current library after sign-on to the system.

INLPGM

Specifies, for an interactive job, the name of the program called whenever a new routing step is started that has QCMD as the request processing program. If *PARTIAL or *YES is specified on the LMTCPB parameter in the user profile, the program value cannot be changed at sign on or by using the Change Profile (CHGPRF) command. No parameters can be passed to the program.
A system/36 environment procedure name can be specified as the initial program if the procedure is a member of the file QS36PRC (in the library list or specified library) and if either of the following conditions are true:

*S36 is specified for the SPCENV parameter.

*SYSVAL is specified for the SPCENV parameter and the system value, QSPCENV, is *S36.

*SAME: The value does not change.
*NONE: No program is called when the user signs on the system. If a menu name is specified in the INLMNU parameter, that menu is displayed.
The name of the program can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

program-name: Specify the name of the program called after the user signs on the system.

INLMNU

Specifies the name of the initial menu displayed when the user signs on the system if the user's routing program is the command processor QCMD. If *YES is specified for the LMTCPB parameter in the user profile, the user cannot change the menu either at sign-on or with the Change Profile (CHGPRF) command.
A system/36 environment menu can be specified as the initial menu if either of the following conditions are true:

*S36 is specified for the SPCENV parameter.

*SYSVAL is specified for the SPCENV parameter and the system value, QSPCENV, is *S36.

*SAME: The value does not change.
*SIGNOFF: The system signs-off the user when the initial program completes. This is intended for users authorized only to run the program.
The name of the menu can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

menu-name: Specify the name of the initial menu called after the user signs on the system.

LMTCPB

Specifies the limit to which the user can control the program, menu, current library, and the ATTN key handling program values. It also determines whether the user can run commands from a command line. This parameter is ignored when the security level is 10.

Note: When creating or changing other users' user profiles, users running this command cannot specify values on this parameter that grant greater capabilities to other users than their own user profiles grant to them. For example, if *PARTIAL is specified on the LMTCPB parameter in the user profile of the user running this command, *PARTIAL or *YES can be specified for another user. *NO cannot be specified for another user.

*SAME: The value does not change.
*NO: The program, menu, and current library values can be changed when the user signs on the system. Users may change the program, menu, current library, or ATTN key handling program values in their own user profiles with the Change Profile (CHGPRF) command. Commands can be run from a command line.
*PARTIAL: The program and current library cannot be changed on the sign-on display. The menu can be changed and commands can be run from a command line. A user can change the menu value with the Change Profile (CHGPRF) command. The program, current library, and the ATTN key handling program cannot be changed using the Change Profile command.
*YES: The program, menu, and current library values cannot be changed on the sign-on display. Commands cannot be run when issued from a command line or by selecting an option from a command grouping menu such as CMDADD, but can still be run from a command entry screen. The user cannot change the program, menu, current library, or the ATTN key program handling values by using the Change Profile (CHGPRF) command.

JOBD

Specifies the name of the job description used for jobs that start through subsystem work station entries. If the job description does not exist when the user profile is created or changed, a library qualifier must be specified, because the job description name is kept in the user profile.
*SAME: The job description name does not change.
The name of the job description can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

job-description-name: Specify the name of the job description used for the work station entries whose job description parameter values indicate the user (JOBD(*USRPRF)).

GRPPRF

Specifies the user's group profile name whose authority is used if no specific authority is given for the user. The current user of this command must have *OBJMGT, *CHANGE, *OBJOPR, *READ, *ADD, *UPD, AND *DLT authority to the profile specified on the GRPPRF parameter. The required *OBJMGT authority cannot be given by a program adopt operation.

Notes

When a group profile is specified, the user is automatically granted *CHANGE and *OBJMGT authority to the group profile.

The following IBM-supplied objects are not valid on this parameter:

QAUTPROF QFNC QSNADS QCLUMGT QGATE QSPL QCLUSTER QIPP QSPLJOB QCOLSRV QLPAUTO QSRV QDBSHR QLPINSTALL QSRVBAS QDBSHRDO QMSF QSYS QDFTOWN QNETSPLF QTCM QDIRSRV QNFSANON QTCP QDLFM QNTP QTFTP QDOC QPEX QTSTRQS QDSNX QPM400 QYPSJSVR QEJB QRJE

*SAME: The value does not change.
*NONE: This user profile has no group profile.
user-profile-name: Specify the name of the group profile used with this user profile.

OWNER

Specifies the user profile that is the owner of newly created objects.
*SAME: The value does not change.
*USRPRF: The user profile associated with the job is the owner of the object.
*GRPPRF: The group profile is made the owner of newly created objects and has all authority to the object. The user profile associated with the job does not have any specific authority to the object. If *GRPPRF is specified, a user profile name must be in the GRPPRF parameter, and the GRPAUT parameter cannot be specified.

GRPAUT

Specifies the specific authority given to the group profile for newly created objects. If *GRPPRF is specified on the OWNER parameter, specification of this parameter is not allowed.
*SAME: The value does not change.
*NONE: No group authority is granted.
*ALL: The user can perform all operations except those limited to the owner or controlled by authorization list management authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user also can change ownership of the object.
*CHANGE: The user can perform all operations on the object except those limited to the owner or controlled by object existence authority and object management authority. The user can change and perform basic functions on the object. Change authority provides object operational authority and all data authority.
*USE: The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object. *USE authority provides object operational authority, read authority, and execute authority.
*EXCLUDE: The user cannot access the object.

GRPAUTTYP

Specifies the type of authority to be granted to the group profile for newly-created objects. If *NONE is specified on the GRPAUT parameter, specification of this parameter is ignored.
*SAME: The value does not change.
*PRIVATE: The group profile is granted private authority to newly-created objects, with the authority value determined by the GRPAUT parameter. If the authority value in the GRPAUT parameter is *NONE, this value is ignored.
*PGP: The group profile is the primary group for newly-created objects, with the authority value determined by the GRPAUT parameter. If the authority value in the GRPAUT parameter is *NONE, this value is ignored.

SUPGRPPRF

Specifies the user's supplemental group profiles. The profiles specified here, along with the group profile specified on the GRPPRF parameter, are used to determine what authority the user has if no specific user authority is given for the job. If profiles are specified for this parameter, a group profile name must have been specified on the GRPPRF parameter for this user profile (either on this command or a previous Create User Profile (CRTUSRPRF) or CHGUSRPRF command. The current user of this command must have *OBJMGT, *CHANGE, *OBJOPR, *READ, *ADD, *UPD, AND *DLT authority to the profiles specified on the SUPGRPPRF parameter. The required *OBJMGT authority cannot be given by a program adopt operation.

Notes

When a group profile is specified, the user is automatically granted *CHANGE, *OBJMGT, *OBJOPR, *READ, *ADD, *UPD, AND *DLT authority to the group profile.

The following IBM-supplied objects are not valid on this parameter:

QAUTPROF QFNC QSNADS QCLUMGT QGATE QSPL QCLUSTER QIPP QSPLJOB QCOLSRV QLPAUTO QSRV QDBSHR QLPINSTALL QSRVBAS QDBSHRDO QMSF QSYS QDFTOWN QNETSPLF QTCM QDIRSRV QNFSANON QTCP QDLFM QNTP QTFTP QDOC QPEX QTSTRQS QDSNX QPM400 QYPSJSVR QEJB QRJE

*SAME: The value does not change.
*NONE: No supplemental group profiles are used with this user profile.
group-profile-name: Specify a maximum of 15 group profile names used with this user profile and the group profile specified on the GRPPRF parameter to determine a job's eligibility for getting access to existing objects and special authority.

ACGCDE

Specifies the accounting code associated with this user profile. More information on job accounting is in the Database Programming topic in the Information Center.
*SAME: The value does not change.
*BLANK: An accounting code consisting of 15 blanks is assigned to this user profile.
accounting-code: Specify the 15-character accounting code to be used by jobs that get their accounting code from this user profile. If less than 15 characters are specified, the string is padded on the right with blanks.

DOCPWD

Specifies the document password that allows Document Interchange Architecture (DIA) users to protect personal distributions from being used by users working on their behalf.
*SAME: The value does not change.
*NONE: No document password is used by this user.
document-password: Specify a document password for use by this user. The password must consist of alphanumeric characters ranging from 1 through 8 (letters A through Z and numbers 0 through 9). The first character of the document password must be alphabetic; the remaining characters can be alphanumeric. Embedded blanks, leading blanks, and special characters are not valid.

MSGQ

Specifies the qualified name of the message queue to which messages are sent.

Note: The message queue is created if it does not already exist. The user profile being changed is the owner of the message queue.

*SAME: The value does not change.
*USRPRF: A message queue with the same name as that specified in the USRPRF parameter is used as the message queue for this user. QUSRSYS is the library where this message queue is located.
The name of the message queue can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

message-queue-name: Specify the name of the message queue used by this user.

DLVRY

Specifies how the messages sent to the message queue for the user profile are delivered.
*SAME: The value does not change.
*HOLD: The messages are held in the message queue until they are requested by the user or program.
*BREAK: The job, to which the message queue is assigned, is interrupted when a message reaches the message queue. If the job is an interactive job, the audible alarm is sounded (if the alarm is set). The delivery mode cannot be changed to *BREAK if the message queue is also being used by another job.
*NOTIFY: The job to which the message queue is assigned is notified when a message reaches the message queue. For interactive jobs at a work station, the audible alarm is sounded (if the alarm is set) and the message-waiting light is turned on. The delivery mode cannot be changed to *NOTIFY if the message queue is also being used by another job.
*DFT: The default reply to the inquiry message is sent. If no default reply is specified in the message description of the inquiry message, the system default reply, *N, is used.

SEV

Specifies the lowest severity code that a message can have and still be delivered to a user in break or notify mode. Messages arriving at the message queue whose severities are lower than the severity code specified on this parameter do not interrupt the job or turn on the audible alarm or the message-waiting light; they are held in the queue until they are requested by using the Display Message (DSPMSG) command. If *BREAK or *NOTIFY is specified on the DLVRY parameter, and is in effect when a message arrives at the queue, the message is delivered if the severity code associated with the message is equal to or greater than the value specified here. Otherwise, the message is held in the queue until it is requested.
*SAME: The value does not change.
severity-code: Specify severity code ranging from 00 through 99.

PRTDEV

Specifies the name of the default printer device for this user. If the printer file being used to create the output specifies to spool the file, the spooled file is placed on the device's output queue, which is named the same as the device.

Note: This assumes the defaults are specified on the OUTQ parameter for the printer file, job description, user profile and workstation.

*SAME: The value does not change.
*WRKSTN: The printer assigned to the user's work station is used.
*SYSVAL: The value specified in the system value QPRTDEV is used.
print-device-name: Specify the name of a printer used to print the output for this user.

OUTQ

Specifies the qualified name of the output queue.
*SAME: The value does not change.
*WRKSTN: The output queue assigned to the user's work station is used.
*DEV: The output queue associated with the printer specified on the DEV parameter is used. The output queue has the same name as the printer. (The printer file DEV parameter is determined by the Create Printer File (CRTPRTF), Change Printer File (CHGPRTF), or Override with Printer File (OVRPRTF) command.

Note: This assumes the defaults were specified on the OUTQ parameter for the printer file, job description, user profile, and workstation.

The name of the output queue can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

output-queue-name: Specify the name of the output queue used as the output queue for this user.

ATNPGM

Specifies the program to be the ATTN key handling program for this user. The ATTN key handling program is called when the ATTN key is pressed during an interactive job. The program is active only when the user specifies routes to the system-supplied QCMD command processor. The ATTN key handling program is activated before the program (if any) is called and is active for both program and menu. If the program changes the ATNPGM (by using the Set Attention Program (SETATNPGM) command), the new program remains active only for the duration of the program. When control returns and QCMD calls the menu, the original ATTN key handling program becomes active again. If the SETATNPGM command is run from the menus or an application is called from the menus, the new ATTN key handling program specified overrides the original ATTN key handling program. If *YES or *PARTIAL is specified on the LMTCPB parameter in the user profile, the ATTN key handling program cannot be changed by the Change Profile (CHGPRF) command.
*SAME: The value does not change.
*ASSIST: QEZMAIN is used.
*SYSVAL: The system value QATNPGM is used.
*NONE: No ATTN key handling program is used by this user.
The name of the ATTN key handling program can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

program-name: Specify the name of the ATTN key handling program used by this user.

SRTSEQ

Specifies the sort sequence table to be used for string comparisons for this user profile.
*SAME: This value does not change.
*SYSVAL: The system value QSRTSEQ is used.
*HEX: A sort sequence table is not used. The hexadecimal values of the characters are used to determine the sort sequence.
*LANGIDUNQ: A unique-weight sort table is used.
*LANGIDSHR: A shared-weight sort table is used.
The name of the sort sequence table can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

table-name: Specify the name of the sort sequence table to be used with this user profile.

LANGID

Specifies the language identifier used for this user.
*SAME: The language identifier does not change.
*SYSVAL: The system value QLANGID is used.
language-identifier: Specify the language identifier. More information on valid language identifiers is in the Globalization topic in the Information Center.

CNTRYID

Specifies the country or region identifier to be used by the system for this user.
*SAME: The country or region identifier does not change.
*SYSVAL: The system value QCNTRYID is used.
country-identifier: Specify an ISO 3166 Alpha-2 code from the country or region code table. More information on this parameter is in Commonly used parameters.

CCSID

Specifies the coded character set identifier (CCSID) used for this user.
A CCSID is a 16-bit number identifying a specific set of encoding scheme identifiers, character set identifiers, code page identifiers, and additional coding-related information that uniquely identifies the coded graphic representation used.

Note: If the value for CCSID is changed, the change does not affect jobs that are currently running.

*SAME: The CCSID does not change.
*SYSVAL: The system value QCCSID is used.
*HEX: The CCSID 65535 is used.
coded-character-set-identifier: Specify the CCSID. More information on valid CCSIDs is in the Globalization topic in the Information Center.

CHRIDCTL

Specifies the character identifier control for the job. This attribute controls the type of CCSID conversion that occurs for display files, printer files and panel groups. The *CHRIDCTL special value must be specified on the CHRID command parameter on the create, change or override commands for display files, printer files and panel groups before this attribute will be used.
*SAME: The CHRID control does not change.
*SYSVAL: The value in the QCHRIDCTL system value will be used.
*DEVD: The *DEVD special value performs the same function as on the CHRID command parameter for display files, printer files and panel groups.
*JOBCCSID: The *JOBCCSID special value performs the same function as on the CHRID command parameter for display files, printer files and panel groups.

SETJOBATR

Specifies which job attributes are taken from the locale specified in the LOCALE parameter when the job is initiated.
*SAME: The value does not change.
*NONE: No job attributes are taken from the locale.
*SYSVAL: The system value QSETJOBATR is used to determine which job attributes are taken from the locale.
Any combination of the following values can be specified:
*CCSID: The coded character set identifier from the locale is used. The CCSID value from the locale overrides the user profile CCSID.
*DATFMT: The date format from the locale is used.
*DATSEP: The date separator from the locale is used.
*DECFMT: The decimal format from the locale is used.
*SRTSEQ: The sort sequence from the locale is used. The sort sequence from the locale overrides the user profile sort sequence.
*TIMSEP: The time separator from the locale is used.

USROPT

Specifies the level of information detail the user can view and the function of the Page Up and Page Down keys by default. The system shows displays suitable for the inexperienced user. More experienced users must perform an extra action to see more detailed information. When values are specified for this parameter, the system presents detailed information without additional action by the user.
*SAME: The value does not change.
*NONE: No detailed user option information is shown.
*CLKWD: Parameter keywords are shown instead of the possible parameter values when a command is displayed.
*EXPERT: More detailed user option information is initially shown when the user is performing display and edit options (such as edit or display object authority) to define or change the system.
*ROLLKEY: The actions of the Page Up and Page Down keys are reversed.
*HLPFULL: Help text is shown on a full display rather than in a window.
*NOSTSMSG: Status messages are not displayed when sent to the user.
*STSMSG: Status messages are displayed when sent to the user.
*PRTMSG: A message is sent to this user's message queue when a spooled file for this user is printed or held by the printer writer.

UID

Specifies the user ID number (uid number) for this user profile. The uid number is used to identify the user when the user is using the directory file system. The uid number for a user cannot be changed if the user is active in a process.
*SAME: The value does not change.
user-ID-number: Specify the uid number to be assigned to the user profile. Valid values range from 1 to 4294967294. The uid number assigned must not already be assigned to another user profile.

GID

Specifies the group ID number (gid number) for this user profile. The gid number is used to identify the group profile when a member of the group is using the directory file system. The gid number for a user cannot be changed if:

The user profile is the primary group of an object in a directory.

The user is active in a process.

*SAME: The value does not change.
*NONE: The user does not have a gid number or an existing gid number is removed.

Note: This value cannot be specified if the user is a group profile or the primary group of an object.

*GEN: The gid number is generated for the user. The system generates a gid number that is not already assigned to another user. The gid number generated is greater than 100.
group-ID-number: Specify the gid number to be assigned to the user profile. Valid values range from 1 to 4294967294. The gid number assigned must not already be assigned to another user profile.

HOMEDIR

Specifies the path name of the home directory for this user profile. The home directory is the user's initial working directory. The working directory, associated with a process, is used during path name resolution in the directory file system for path names that do not begin with a slash (/). If the home directory specified does not exist when the user signs on, the user's initial working directory is the root (/) directory.

Note: This parameter is only used with the integrated file system. It cannot be used to set the home directory for IBM OS/2 Warp Server for AS/400.

*SAME: The value does not change.
*USRPRF: The home directory assigned to the user is /home/USRPRF, where USRPRF is the name of the user profile.
'home-directory-path-name': Specify the path name of the home directory to assign to this user. See path names for more information on specifying path names.

LOCALE

Specifies the path name of the locale that is assigned to the LANG environment variable for this user.
*SAME: The value does not change.
*SYSVAL: The system value QLOCALE is used to determine the locale path name assigned to this user.
*NONE: No locale path name is assigned to this user.
*C: The C locale path name is assigned to this user.
*POSIX: The POSIX locale path name is assigned to this user.
'locale path name': Specify the path name of the locale assigned to this user. See path names for more information on specifying path names.

TEXT

Specifies the text that briefly describes the user profile name specified in the USRPRF parameter. More information on this parameter is in Commonly used parameters.
*SAME: The value does not change.
*BLANK: Text is not specified.
'description': Specify no more than 50 characters of text, enclosed in apostrophes.

Example for CHGUSRPRF
CHGUSRPRF USRPRF(JJADAMS) PASSWORD(SECRET) SPCAUT(*JOBCTL) INLPGM(ARLIB/DSPMENU)

This command makes the following changes to the user profile named JJADAMS:

Changes the password to SECRET.

Authorizes JJADAMS to use the special job control authority.

Changes the first program to start following a successful sign-on to a program named DSPMENU, which is located in a library named ARLIB.

All the other command parameters default to *SAME and do not change.
Error messages for CHGUSRPRF
*ESCAPE Messages

CPF22CD

Value for SUPGRPPRF parameter is not correct.

CPF22CE

The &1 value &2 is used by another user profile.

CPF22CF

User profile not allowed to be a group profile.

CPF22DB

The user profile being changed must have a GID.

CPF22DC

Not allowed to change UID of the user profile.

CPF22DD

Not allowed to change GID of the user profile.

CPF22DE

Not allowed to change the UID or GID of user profile &1.

CPF22DF

Unable to process request for user profile &1.

CPF22EB

Unable to process request for user profile &1.

CPF22E1

USROPT parameter cannot specify *STSMSG and *NOSTSMSG.

CPF22F1

Coded character set identifier &1 not valid.

CPF22F3

&1 specified a LMTCPB value that is not permitted.

CPF2203

User profile &1 not correct.

CPF2204

User profile &1 not found.

CPF2209

Library &1 not found.

CPF2213

Not able to allocate user profile &1.

CPF2225

Not able to allocate internal system object.

CPF2228

Not authorized to change user profile.

CPF223F

Cannot set password to expired when password is *NONE.

CPF224A

User profile &1 cannot have a GID and be a member of a group.

CPF2242

Object &1 type *&2 not found in library list.

CPF2244

Object &1 type *&2 cannot be found.

CPF225A

User profile name specified on both USRPRF and SUPGRPPRF parameters.

CPF2259

Group profile &1 not found.

CPF2260

User profile &2 was not created or changed. Reason code &3.

CPF2261

OWNER or GRPAUT value not permitted.

CPF2262

Value for GRPAUT not correct.

CPF2264

User profile &1 not allowed to be a group member.

CPF2269

Special authority *ALLOBJ required when granting *SECADM or *AUDIT.

CPF2272

Cannot allocate user profile &1.

CPF2291

User profile does not have all special authorities being granted.

CPF2292

*SECADM required to create or change user profiles.

CPF2293

Storage limit exceeded for user profile &1.

CPF9802

Not authorized to object &2 in &3.

CPF9820

Not authorized to use library &1.

CPF9825

Not authorized to device &1.