CRTUSRPRF (Create User Profile)

CRTUSRPRF Command syntax diagram

 

Purpose

The Create User Profile (CRTUSRPRF) command identifies a user to the system and allows you to customize the way the system appears. When the profile is created, the profile is given *CHANGE and *OBJMGT authorities for the profile itself. The system relies on the profile having these authorities to itself and they should not be removed.

Restriction: The user of this command must have (1) *SECADM special authority, (2) *USE authority to the initial program, initial menu, job description, message queue, output queue, and attention-key-handling program if specified, and (3) *CHANGE and object management authorities to the group profile and supplemental group profiles, if specified.

 

Required Parameters

USRPRF
Specifies the user name for this user profile. The character set for user profile names is the same set used for *SNAME type on the parameter statement of command definitions source statements. A numeric user profile can be specified. If the user profile is numeric, then it must begin with a Q.

 

Optional Parameters

PASSWORD
Specifies the password that lets the user sign on the system. The password is associated with a unique user name used to represent the user in the system. The password should be known only to the user. A numeric password can be specified.

When the system is operating at password level 0 or 1 and the password is numeric, then it must begin with a Q, for example, Q1234 where 1234 is the password used for signing on the system.

Note: The password level is controlled by the Password Level (QPWDLVL) system value.

Note: The new password is not checked against the password validation rules. The password validation rules are defined by OS/400 system values. For a description of the password validation rules, see the iSeries Security Reference

book.

*USRPRF: The password for this user is the user profile name specified in the USRPRF parameter. When the system is operating at password level 2 or 3 and the *USRPRF value was specified for the user profile password, the user must enter their password using upper case characters.

*NONE: No password is used by this user. Users cannot sign on a system with a profile that has PASSWORD(*NONE) specified.

'user-password': When the system is operating at password level 0 or 1, specify an alphanumeric character string (10 characters or less). The first character must be alphabetic and the other characters must be alphanumeric.

When the system is operating at password level 2 or 3, specify a character string (128 characters or less).

SPCAUT
Specifies the special authorities granted to a user. Special authorities are required to perform certain functions on the system. Special authorities cannot be removed from many of the system supplied user profiles including QSECOFR and QSYS.

 

Restrictions

  1. The user profile that is creating or changing another user profile must have all the special authorities being granted.
  2. A user must have *ALLOBJ and *SECADM special authorities to grant another user *SECADM special authority when using the CRTUSRPRF command.
  3. The user must have *ALLOBJ, *SECADM, and *AUDIT special authorities to grant another user *AUDIT special authority when using the CRTUSRPRF command.

*USRCLS: Special authorities are granted to the user based on the value specified in the USRCLS parameter.

*NONE: No special authorities are granted to the user.

*ALLOBJ: All object authority is granted to the user. It is granted to users who work with system resources. The user can access any system resource whether or not the user has private authorizations.

*AUDIT: Audit authority is granted to the user. This user is given the authority to perform auditing functions. Auditing functions include turning auditing on or off for the system and controlling the level of auditing on an object or user.

*IOSYSCFG: Input/Output system configuration authority is granted to the user. The user has authority to change system I/O configurations.

*JOBCTL: Job control authority is granted to the user. It is normally granted to users who operate the system. The user has authority to change, display, hold, release, cancel, and clear all jobs running on the system or on a job queue or output queue for which OPRCTL (*YES) is specified. The user also has the authority to start writers, and to stop active subsystems.

*SAVSYS: Save system authority is granted to this user profile. It is normally granted to users who operate the system. The user has authority to save, restore, and free storage for all objects on the system, whether or not object management authority has been granted.

*SECADM: Security administrator authority is granted to the user. It is granted to users who are the security administrators. The user can create, change, or delete user profiles if authorized to the Create User Profile, Change User Profile, or Delete User Profile commands, and is authorized to the user profile. This authority does not allow the user to grant special authorities that this user profile does not have.

*SERVICE: Service authority is granted to the user. The user can perform service functions.

*SPLCTL: Spool control authority is granted to the user. The user can perform all spool functions.

PWDEXP
Specifies whether the user's password is set to expired. If the password is set to expired, the user is required to change the password to sign on the system. When the user attempts to sign on the system, the sign-on information display is shown and the user has the option to change this password.

*NO: The password is not set to expired.

*YES: The password is set to expired.

STATUS
Specifies profile status.

*ENABLED: The profile created is valid for sign-on.

*DISABLED: The profile created is not valid for sign-on until an authorized user enables it again.

USRCLS
Specifies the class of user associated with this user profile: security officer, security administrator, programmer, system operator, or user. User class determines which menu options are shown. The special authorities defined by the user class are used only if SPCAUT(*USRCLS) is specified. If SPCAUT(*USRCLS) is specified, the special authorities granted will differ depending on the QSECURITY value.

*SECOFR: At all levels of security, the security officer has the following special authorities:

*ALLOBJ
*SAVSYS
*JOBCTL
*SERVICE
*SPLCTL
*SECADM
*AUDIT
*IOSYSCFG

*SECADM: At QSECURITY level 10 or 20, the security administrator has *ALLOBJ, *SAVSYS, *SECADM, and *JOBCTL special authorities.

At QSECURITY level 30 or above, the user has *SECADM special authority.

*PGMR: At QSECURITY level 10 or 20, the programmer has *ALLOBJ, *SAVSYS, and *JOBCTL special authorities.

At QSECURITY level 30 or above, the user has no special authorities.

*SYSOPR: At QSECURITY level 10 or 20, the system operator has *ALLOBJ, *SAVSYS, and JOBCTL special authorities.

At QSECURITY level 30 or above, the user has *SAVSYS and *JOBCTL special authorities.

*USER: At QSECURITY level 10 or 20, the user is granted *ALLOBJ and *SAVSYS authority.

At QSECURITY level 30 or above, this user is granted no special authorities.

ASTLVL
Specifies which user interface to use.

*SYSVAL: The assistance level defined in the system value, QASTLVL, is used.

*BASIC: The Operational Assistant* user interface is used.

*INTERMED: The system interface is used.

*ADVANCED: The expert system interface is used. To allow for more list entries, the options keys and the function keys are not displayed. If a command does not have an advanced (*ADVANCED) level, the intermediate (*INTERMED) level is used.

SPCENV
Specifies the special environment in which the user operates after signing on the system.

*SYSVAL: The system value QSPCENV is used to determine the system environment after the user signs on the system.

*NONE: The user operates in the iSeries 400 environment after signing on the system.

*S36: The user operates in the System/36 environment after signing on the system.

DSPSGNINF
Specifies whether the sign-on information is displayed when the user signs on. This allows users to see the sign-on information, such as date of last sign-on and number of sign-on attempts that were not valid. If the password is due to expire in 7 days or less, the number of days until the password expires is shown.

*SYSVAL: The system value QDSPSGNINF is used to determine whether the sign-on information display is shown when the user signs on the system.

*NO: The sign-on information display is not shown when the user signs on the system.

*YES: The sign-on information display is shown when the user signs on the system.

PWDEXPITV
Specifies the interval (number of days from the password changed date) before the password expires.

*SYSVAL: The system value QPWDEXPITV is used to determine the password expiration interval.

*NOMAX: The password does not expire.

password-expiration-interval: Specify the number of days between when the password was last changed and the date when the password expires. Valid values range from 1 through 366.

LMTDEVSSN
Specifies whether the user is limited to one device session. This does not limit use of the System Request menu or prevent a second sign-on.

*SYSVAL: The system value QLMTDEVSSN determines whether the user is limited to one device session.

*NO: The user is not limited to one device session.

*YES: The user is limited to one device session.

KBDBUF
Specifies the keyboard buffering value used when a job is initialized for this user profile. If the type-ahead feature is active, the keystrokes can be buffered. If the attention key buffering option is active, the attention key is buffered like any other key. If the attention key is not active, the attention key is not buffered and is sent to the system even if the display station is input inhibited. The keyboard buffer value can also be set by a user application using the QWSSETWS program.

*SYSVAL: The system value, QKBDBUF, is used to determine the keyboard buffering value for this profile.

*NO: The type-ahead feature and attention key buffering option are not active for this user profile.

*TYPEAHEAD: The type-ahead feature is active for this user profile.

*YES: The type-ahead feature and attention key buffering option are active for this user profile.

MAXSTG
Specifies the maximum auxiliary storage space assigned to store permanent objects owned by this user profile. If the storage maximum is exceeded when an interactive user creates an object, an error message is displayed and the object is not created. If the maximum is exceeded when an object is created in a batch job, an error message is sent to the job log (depending on the logging level of the job) and the object is not created.

Storage is allocated in 4K increments. Therefore, if you specify MAXSTG (9), the profile is allocated 12K of storage.

When planning maximum storage space for user profiles, consider the following system actions:

  • A restore operation first assigns storage space to the user doing the restore operation, and then transfers the object to the owner. For a large restore operation, specify MAXSTG(*NOMAX).
  • The user profile that creates a journal receiver is assigned storage space as the receiver size grows. If new receivers are created using JRNRCV(*GEN), the storage continues to be assigned to the user profile that owns the active journal receiver. For a very active journal receiver, specify MAXSTG(*NOMAX).
  • User profiles that transfer all created objects to their group profile must have adequate storage in the user profiles to contain any created object before it is transferred to the group profile.
  • The owner of the library is assigned storage space for the descriptions of objects stored in a library, even when those objects are owned by another profile. Examples of such objects are text and program references.
  • Storage space is assigned to the user profile for temporary objects used when the job is running. Examples of such objects are commit control blocks, file editing space, and documents.

*NOMAX: As much storage as is required is assigned to this profile.

maximum-K-bytes: Specify the maximum amount of storage in kilobytes (1KB equals 1024 bytes) that can be assigned to this user profile.

PTYLMT
Specifies the highest scheduling priority the user is allowed to have for each job submitted to the system. The value specified for this parameter controls the job processing priority and output priority for any job running under this user profile. This means that values specified in the JOBPTY and OUTPTY parameters of any job command cannot exceed the PTYLMT value of the user profile under which the job is running. The scheduling priority value ranges from 0 through 9, where 0 is the highest priority and 9 is the lowest priority.

3: The user named in this profile can have a priority value no higher than 3 for scheduling jobs on the system. Jobs with this priority value are run before jobs with priority values ranging from 4 through 9, and after jobs with priority values ranging from 0 through 2.

priority-limit: Specify a value, ranging from 0 through 9, for the user's highest job scheduling priority.

CURLIB
Specifies the name of the library being used as the current library for jobs initiated by this user profile. If *PARTIAL or *YES is specified for the LMTCPB parameter in the user profile, the user cannot change the current library at sign-on or with the Change Profile (CHGPRF) command.

*CRTDFT: The user has no current job library. If objects are created in the current library by using *CURLIB on a create command, the QGPL library is used as the default current library.

current-library-name: Specify the 10-character name of the user's current library after the user signs on the system.

INLPGM
Specifies, for an interactive job, the name of the program called whenever a new routing step is started that has QCMD as the request processing program. No parameters can be passed to the program. If *PARTIAL or *YES is specified on the LMTCPB parameter in the user profile, the initial program value cannot be changed at sign-on or with the Change Profile (CHGPRF) command.

A System/36 environment procedure name can be specified as the initial program if the procedure is a member of the file QS36PRC (in the library list or specified library) and if either of the following conditions are true:

  • *S36 is specified for the SPCENV parameter.
  • *SYSVAL is specified for the SPCENV parameter and the system value, QSPCENV, is *S36.

*NONE: No program is called when the user signs on the system. If a menu name is specified in the INLMNU parameter, that menu is displayed.

The name of the program can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

program-name: Specify the name of the program called when the user signs on the system.

INLMNU
Specifies the name of the menu displayed when the user signs on the system if the user's routing program is the command processor QCMD. If *YES is specified on the LMTCPB parameter in the user profile, the user cannot change this menu.

A System/36 environment menu can be specified as the initial menu if either of the following conditions are true:

  • *S36 is specified for the SPCENV parameter.
  • *SYSVAL is specified for the SPCENV parameter and the system value, QSPCENV, is *S36.

*SIGNOFF: The system signs off the user when the initial program completes. This is intended for users limited to only running the initial program.

The name of the menu can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

menu-name: Specify the name of the menu shown when the user signs on the system.

LMTCPB
Specifies the limits of user control over the initial program, the initial menu, the current library, and the ATTN key handling program values. This parameter is ignored when the security level is 10.

Note: When creating or changing other users' user profiles, users running this command cannot specify values on this parameter that grant greater capabilities to other users than their own user profiles grant to them. For example, if *PARTIAL is specified on the LMTCPB parameter in the user profile of the user running this command, *PARTIAL or *YES can be specified for another user. *NO cannot be specified for another user.

*NO: The program, menu, and current library values can be changed when the user signs on the system. A user can change the initial program, the initial menu, the current library, or the ATTN key handling program values in the user's user profile by using the Change Profile (CHGPRF) command.

*PARTIAL: The initial program and the current library cannot be changed on the Sign-On display. The initial menu can be changed and commands can be run from any command line. A user can change the initial menu value by using the Change Profile (CHGPRF) command. The initial program, the current library, and the ATTN key handling program cannot be changed by using the Change Profile command.

*YES: The program, the menu, and the current library values cannot be changed on the sign-on display. Commands cannot be run when issued from a command line or by selecting an option from a command grouping menu such as CMDADD, but can still be run from a command entry screen. The user cannot change the initial program, the initial menu, the current library, or the ATTN key handling program by using the Change Profile (CHGPRF) command.

JOBD
Specifies the name of the job description used for jobs that start through subsystem work station entries. If the job description does not exist when the user profile is created or changed, a library qualifier must be specified, because the job description name is kept in the user profile.

The name of the job description can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

QDFTJOBD: The default system-supplied job description found in the QGPL library is used.

job-description-name: Specify the name of the job description that is used for the work station entries whose job description parameter values indicate the user (JOBD(*USRPRF)).

GRPPRF
Specifies the name of the group profile whose authority is used if the user has no specific authority for the job. The current user of this command must have *OBJMGT, *CHANGE, *OBJOPR, *READ, *ADD, *UPD, and *DLT authorities to the profile specified on the GRPPRF parameter. The required *OBJMGT cannot come from the program adopt operation.

 

Notes

  1. When a group profile is specified, the user is automatically granted *CHANGE, *OBJMGT, *OBJOPR, *READ, *ADD, *UPD, AND *DLT authority to the group profile.
  2. The following IBM-supplied objects are not valid on this parameter:

    QAUTPROF        QFNC             QSNADS
    QCLUMGT         QGATE            QSPL
    QCLUSTER        QIPP             QSPLJOB
    QCOLSRV         QLPAUTO          QSRV
    QDBSHR          QLPINSTALL       QSRVBAS
    QDBSHRDO        QMSF             QSYS
    QDFTOWN         QNETSPLF         QTCM
    QDIRSRV         QNFSANON         QTCP
    QDLFM           QNTP             QTFTP
    QDOC            QPEX             QTSTRQS
    QDSNX           QPM400           QYPSJSVR
    QEJB            QRJE             
    

*NONE: This user profile has no group profile.

user-profile-name: Specify the name of a group profile used with this user profile.

OWNER
Specifies whether the user profile or the group profile is the owner of newly created objects.

*USRPRF: The user profile being used with the job is made the owner of the newly created object.

*GRPPRF: The group profile is made, the owner of newly created objects and has all authority to those objects. The user profile used with the job does not have specific authority to the object. If *GRPPRF is specified, there must be a user profile name in the GRPPRF parameter, and the GRPAUT parameter cannot be specified.

GRPAUT
Specifies the specific group authority granted to the group profile for newly created objects. If *GRPPRF is specified on the OWNER parameter, specification of this parameter is not allowed.

*NONE: No group authority is granted.

*ALL: The group profile is granted authority to perform all operations on the object except those limited to the owner or controlled by authorization list management authority. In addition to the functions allowed with use (*USE) and change (*CHANGE) authorities, the group profile can control the object's existence and specify the security for the object. The group profile can transfer ownership of the object. If the object is an authorization list, then the group profile cannot add, change, or remove users.

*CHANGE: The group profile is granted authority to perform all operations on the object except those limited to the owner or controlled by object existence authority and object management authority. In addition to the functions allowed with use (*USE) authority, the group profile can change the object. Change authority provides object operational authority and all of the data authorities.

*USE: The group profile runs a program or displays the contents of a file. The group profile is prevented from changing the object. Use authority provides object operational authority, read authority, and execute authority.

*EXCLUDE: The group profile is prevented from accessing the object.

GRPAUTTYP
Specifies the type of authority to be granted to the group profile for newly-created objects. If the authority value in the GRPAUT parameter is *NONE, this value is ignored.

*PRIVATE: The group profile is granted private authority to newly-created objects, with the authority value determined by the GRPAUT parameter.

*PGP: The group profile is the primary group of newly-created objects, with the authority value determined by the GRPAUT parameter.

SUPGRPPRF
Specifies the user's supplemental group profiles. The profiles specified here, along with the group profile specified on the GRPPRF parameter, are used to determine what authority the user has if no specific user authority is given for the job. If profiles are specified for this parameter, a group profile name must be specified on the GRPPRF parameter. The current user of this command must have *OBJMGT, *OBJOPR, *READ, *ADD, *UPD, and *DLT authority to the profiles specified on the SUPGRPPRF parameter. The required *OBJMGT authority cannot be given by a program adopt operation.

 

Notes

  1. When a group profile is specified, the user is automatically granted *OBJMGT, *OBJOPR, *READ, *ADD, *UPD, AND *DLT authority to the group profile.
  2. The following IBM-supplied objects are not valid on this parameter:

    QAUTPROF        QFNC            QSNADS
    QCLUMGT         QGATE           QSPL   
    QCLUSTER        QIPP            QSPLJOB        
    QCOLSRV         QLPAUTO         QSRV    
    QDBSHR          QLPINSTALL      QSRVBAS 
    QDBSHRDO        QMSF            QSYS
    QDFTOWN         QNETSPLF        QTCM   
    QDIRSRV         QNFSANON        QTCP
    QDLFM           QNTP            QTFTP
    QDOC            QPEX            QTSTRQS
    QDSNX           QPM400          QYPSJSVR         
    QEJB            QRJE                     
    

*NONE: No supplemental group profiles are used with this user profile.

group-profile-name: Specify a maximum of 15 group profile names used with this user profile and the group profile specified on the GRPPRF parameter to determine a job's eligibility for getting access to existing objects and special authority.

ACGCDE
Specifies the accounting code associated with this user profile. More information on job accounting is in the Database Programming topic in the Information Center.

*BLANK: A 15-blank job accounting code is assigned to this user profile.

job-accounting-code: Specify the 15-character job accounting code used by jobs that get their accounting code from this user profile. If less than 15 characters are specified, the string is padded on the right with blanks.

DOCPWD
Specifies the document password that allows Document Interchange Architecture (DIA) users to protect personal distributions from being used by others working on their behalf. More information on specifying a document password is in the Manage OfficeVision/400 book.

*NONE: The user has no document password.

document-password: Specify a document password for use by this user. The password must range from 1 through 8 alphanumeric characters (letters A through Z and numbers 0 through 9). The first character of the document password must be alphabetic; the remaining characters can be alphanumeric. Embedded blanks, leading blanks, and special characters are invalid.

MSGQ
Specifies the name of the message queue used by this user. The message queue is created if it does not already exist. The user profile being created is the owner of the message queue.

*USRPRF: A message queue with the same name as that specified in the USRPRF parameter is the message queue for this user. This message queue is located in QUSRSYS.

The name of the message queue can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

message-queue-name: Specify the name of the qualified message queue for this user.

DLVRY
Specifies how the messages that are sent to the message queue for the user profile are delivered.

*NOTIFY: The job to which the message queue is assigned is notified when a message arrives at the message queue. For interactive jobs at a work station, the audible alarm is sounded and the message-waiting light is turned on. The delivery mode cannot be changed to *NOTIFY if the message queue is also being used by another job.

*HOLD: The messages are held in the message queue until they are requested by the user or program.

*BREAK: The job to which the message queue is assigned is interrupted when a message arrives at the message queue. If the job is an interactive job, the audible alarm (if present on the display station) is sounded. The delivery mode cannot be changed to *BREAK if the message queue is also being used by another job.

*DFT: The default reply to the inquiry message is sent. If no default reply is specified in the message description of the inquiry message, the system default reply, *N, is used.

SEV
Specifies the lowest severity code that a message can have and still be delivered to a user in break or notify mode. Messages arriving at the message queue whose severities are lower than the severity code specified on this parameter do not interrupt the job or turn on the audible alarm or the message-waiting light; they are held in the queue until they are requested by using the Display Message (DSPMSG) command. If *BREAK or *NOTIFY is specified on the DLVRY parameter, and is in effect when a message arrives at the queue, the message is delivered if the severity code associated with the message is equal to or greater than the value specified here. Otherwise, the message is held in the queue until it is requested.

00: The default severity level is 00.

severity-code: Specify a value, ranging from 00 through 99, for the lowest severity code that a message can have and still be delivered if the message queue is in break or notify delivery mode.

PRTDEV
Specifies the name of the default printer device for this user. If the printer file being used to create the output specifies to spool the file, the spooled file is placed on the device's output queue, which is named the same as the device.

Note: This assumes the defaults are specified on the OUTQ parameter for the printer file, job description, user profile and workstation.

*WRKSTN: The output queue assigned to the user's work station is used.

*SYSVAL: The value specified in the system value QPRTDEV is used.

print-device-name: Specify the name of the printer used to print the output for this user.

OUTQ
Specifies the qualified name of the output queue.

*WRKSTN: The output queue assigned to the user's work station is used.

*DEV: The output queue associated with the printer specified on the DEV parameter is used. The output queue has the same name as the printer. (The printer file DEV parameter is determined by the Create Printer File (CRTPRTF), Change Printer File (CHGPRTF), or Override with Printer File (OVRPRTF) command.

Note: This assumes the defaults were specified on the OUTQ parameter for the printer file, job description, user profile, and workstation.

The name of the output queue can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

output-queue-name: Specify the name of the output queue for this user.

ATNPGM
Specifies the program used for the ATTN key handling program for this user. The ATTN key handling program is called when the ATTN key is pressed in an interactive job. The program is active only when the user routes requests to the QCMD command processor supplied with the system. The ATTN key handling program is set on before a program (if any) is called and is active for both a program and a menu. If a program changes the ATNPGM by using the Set Attention Program (SETATNPGM) command, the new program remains active only for the duration of the program. When control returns and QCMD calls the menu, the original ATTN key handling program again becomes active. If the SETATNPGM command is run from a menu or an application is called from a menu, the new ATTN key handling program specified overrides the original ATTN key handling program. If *YES or *PARTIAL is specified on the LMTCPB parameter in the user profile, the ATTN key handling program cannot be changed with the Change Profile (CHGPRF) command.

*SYSVAL: The system value QATNPGM is used.

*ASSIST: QEZMAIN is used.

*NONE: No ATTN key handling program is used by this user.

The name of the ATTN handling program can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

program-name: Specify the name of the ATTN key handling program used by this user.

SRTSEQ
Specifies the sort sequence table to be used for string comparisons for this user profile.

*SYSVAL: The system value QSRTSEQ is used.

*HEX: A sort sequence table is not used. The hexadecimal values of the characters are used to determine the sort sequence.

*LANGIDUNQ: A unique-weight sort table is used.

*LANGIDSHR: A shared-weight sort table is used.

The name of the sort sequence table can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

table-name: Specify the name of the sort sequence table to be used with this user profile.

LANGID
Specifies the language identifier used for this user.

*SYSVAL: The system value QLANGID is used.

language-identifier: Specify the language identifier. More information on valid language identifiers is in the Globalization topic in the Information Center.

CNTRYID
Specifies the country or region identifier used for this user.

*SYSVAL: The system value QCNTRYID is used.

country-identifier: Specify an ISO 3166 Alpha-2 code from the country or region code table. More information on this parameter is in Commonly used parameters.

CCSID
Specifies the coded character set identifier (CCSID) used for this user.

A CCSID is a 16-bit number identifying a specific set of encoding scheme identifiers, character set identifiers, code page identifiers, and additional coding-related information that uniquely identifies the coded graphic representation used.

*SYSVAL: The system value QCCSID is used.

*HEX: The CCSID 65535 is used.

coded-character-set-identifier: Specify the CCSID. More information on valid CCSIDs is in the Globalization topic in the Information Center.

CHRIDCTL
Sepcifies the character identifier control for the job. This attribute controls the type of CCSID conversion that occurs for display files, printer files and panel groups. The *CHRIDCTL special value must be specified on the CHRID command parameter on the create, change or override commands for display files, printer files and panel groups before this attribute will be used.

*SYSVAL: The value in the QCHRIDCTL system value will be used.

*DEVD: The *DEVD special value performs the same function as on the CHRID command parameter for display files, printer files and panel groups.

*JOBCCSID: The *JOBCCSID special value performs the same function as on the CHRID command parameter for display files, printer files and panel groups.

SETJOBATR
Specifies which job attributes are taken from the locale specified on the LOCALE parameter when the job is initiated.

*SYSVAL: The system value QSETJOBATR is used to determine which job attributes are taken from the locale.

*NONE: No job attributes are taken from the locale.

Any combination of the following values can be specified:

*CCSID: The coded character set identifier from the locale is used. The CCSID value from the locale overrides the user profile CCSID.

*DATFMT: The date format from the locale is used.

*DATSEP: The date separator from the locale is used.

*DECFMT: The decimal format from the locale is used.

*SRTSEQ: The sort sequence from the locale is used. The sort sequence from the locale overrides the user profile sort sequence.

*TIMSEP: The time separator from the locale is used.

USROPT
Specifies the level of detail the user sees and the default function of the Page Up and Page Down keys. The system shows displays suitable for the inexperienced user. More experienced users must perform an extra action to see more detailed information. When values are specified for this parameter, the system presents detailed information without additional action by the experienced user.

*NONE: No detailed information is shown.

*CLKWD: Parameter keywords are shown instead of the possible parameter values when a command is displayed.

*EXPERT: More detailed information is initially shown when the user is performing display and edit options such as the edit or display object authority.

*ROLLKEY: The actions of the Page Up and Page Down keys are reversed.

*HLPFULL: Help text is shown on a full display rather than in a window.

*NOSTSMSG: Status messages are not shown when they are sent to the user.

*STSMSG: Status messages are shown when they are sent to the user.

*PRTMSG: A message is sent to this user's message queue when a spooled file for this user is printed or held by the printer writer.

UID
Specifies the user ID number (uid number) for this user profile. The uid number is used to identify the user when the user is using the directory file system.

*GEN: The uid number will be generated for the user. The system will generate a uid number that is not already assigned to another user. The uid number generated will be greater than 100.

user-ID-number: Specify the uid number to be assigned to the user profile. The value can be from 1 to 4294967294. The uid number specified must not already be assigned to another user.

GID
Specifies the group ID number (gid number) for this user profile. The gid number is used to identify the group profile when a member of the group is using the directory file system.

*NONE: The user does not have a gid number.

*GEN: The gid number is generated for the user. The system generates a gid number that is not already assigned to another user. The gid number generated is greater than 100.

group-ID-number: Specify the gid number to be assigned to the user profile. The value can be from 1 to 4294967294. The gid number specified must not already be assigned to another user.

HOMEDIR
Specifies the path name of the home directory for this user profile. The home directory is the user's initial working directory. The working directory, associated with a process, is used during path name resolution in the directory file system for path names that do not begin with a slash (/). If the home directory specified does not exist when the user signs on, the user's initial working directory is the root (/) directory.

Note: This parameter is only used with the integrated file system. It cannot be used to set the home directory for IBM OS/2 Warp Server for AS/400.

*USRPRF: The home directory assigned to the user is /home/USRPRF, where USRPRF is the name of the user profile.

'home-directory-path name': Specify the path name of the home directory to assign to this user. For more information on specifying path names, refer to path names.

LOCALE
Specifies the path name of the locale that is assigned to the LANG environment variable for this user.

*SYSVAL: The system value, QLOCALE, is used to determine the locale path name assigned to this user.

*NONE: No locale path name is assigned to this user.

*C: The C locale path name is assigned to this user.

*POSIX: The POSIX locale path name is assigned to this user.

'locale path name': Specify the path name of the locale assigned to this user. See path names for more information on specifying path names.

AUT
Specifies the authority given to users who do not have specific authority to the object, who are not on an authorization list, and whose user group has no specific authority to the object.

*EXCLUDE: The user cannot access the object.

*ALL: The user performs all operations on the object except those limited to the owner.

*CHANGE: The user can perform all operations on the object except those limited to the owner or controlled by object existence authority and object management authority. The user can change and perform basic functions on the object. Change authority provides object operational authority and all data authority.

*USE: You can perform basic operations on the object, such as running a program or reading a file. You cannot change the object. *USE authority provides object operational authority, read authority, and execute authority.

TEXT
Specifies the text that briefly describes the user profile named in the USRPRF parameter. More information on this parameter is in Commonly used parameters.

*BLANK: Text is not specified.

'description': Specify no more than 50 characters of text, enclosed in apostrophes.

Examples for CRTUSRPRF

Example 1: Creating a User Profile

CRTUSRPRF   USRPRF(JJADAMS)  PASSWORD(S1CR2T)
  SPCAUT(*SAVSYS)  INLPGM(ARLIB/DSPMENU)

This command creates a user profile with the user name of JJADAMS and a password of S1CR2T. After sign-on, a program called DSPMENU in the ARLIB library is called. The user is granted the save system special authority. Because the other parameters were not specified: (1) The profile has no limit on the amount of storage assigned to it for owned permanent objects; (2) A scheduling priority of 3 is the highest priority that any of the user's jobs can have; (3) The user-defined description text is blank; (4) There is no group profile associated with this user profile; and (5) No authority is granted for the user profile to other users.

Example 2: Creating a User Profile with the Same User Name and Password

CRTUSRPRF   USRPRF(TMSMITH)  MAXSTG(12)
  INLPGM(PROGMR/CALC)
  TEXT('Ted M. Smith, Dept 410,
  Application Programs')

This command creates a user profile with the user name of TMSMITH; the password is also TMSMITH because the password was not specified. The maximum permanent storage space the user can use for all objects is 12K (or 12,288 bytes). The initial program called following sign-on is CALC, which is located in the library named PROGMR. The text parameter provides the user's name, department, and department name. Default values are assigned to the other parameters.

Error messages for CRTUSRPRF

*ESCAPE Messages

CPF22CE
The &1 value &2 is used by another user profile.
CPF22CF
User profile not allowed to be a group profile.
CPF22DB
The user profile being changed must have a GID.
CPF22DF
Unable to process request for user profile &1.
CPF22EB
Unable to process request for user profile &1.
CPF22E1
USROPT parameter cannot specify *STSMSG and *NOSTSMSG.
CPF22F1
Coded character set identifier &1 not valid.
CPF22F3
&1 specified a LMTCPB value that is not permitted.
CPF2202
Do not have authority to create user profile.
CPF2209
Library &1 not found.
CPF2213
Not able to allocate user profile &1.
CPF2214
User profile &1 already exists.
CPF2225
Not able to allocate internal system object.
CPF224A
User profile &1 cannot have a GID and be a member of a group.
CPF2242
Object &1 type *&2 not found in library list.
CPF2244
Object &1 type *&2 cannot be found.
CPF225A
User profile name specified on both USRPRF and SUPGRPPRF parameters.
CPF2259
Group profile &1 not found.
CPF2260
User profile &2 was not created or changed. Reason code &3.
CPF2261
OWNER or GRPAUT value not permitted.
CPF2262
Value for GRPAUT not correct.
CPF2269
Special authority *ALLOBJ required when granting *SECADM or *AUDIT.
CPF2272
Cannot allocate user profile &1.
CPF2291
User profile does not have all special authorities being granted.
CPF2292
*SECADM required to create or change user profiles.
CPF2293
Storage limit exceeded for user profile &1.
CPF9802
Not authorized to object &2 in &3.
CPF9820
Not authorized to use library &1.
CPF9825
Not authorized to device &1.