Hi Satid,
Rocket iCluster 9.1 and later has a new UI component called iCluster Web. Part of the installation of this component includes creating this IBM user profile and adding it to iCluster. This is special user is required to execute the api calls for the Web browser to display the iCluster repository information on the web pages, for the cluster, nodes, groups etc.. Hope this helps.
D Broadbridge
CSE Rocket iCluster Delivery team
------------------------------
don broadbridge
Senior CSE
Rocket Internal - All Brands
Denver CO US
------------------------------
Original Message:
Sent: 01-31-2024 20:36
From: Satid Singkorapoom
Subject: What is iCluster's user profile named ICA for?
Helllo
We have IT security audit team asking a question on a user profile named ICA which belongs to iCluster product release 9.1.1 that is running in IBM i 7.4. This user profile has all high authorities in the system but it owns no objects and is never used at all. The question is what is this user ICA for (in other words when is it used) in iCluster environment? The IT security team is aiming at deleting any user profile that is extraneous. Is ICS an extraneous one?
I know and can explain iCluster's users DMCLUSTER and ICLUSTER but have no idea on this ICA user. I hope any kind soul here would help provide the answer for me to convey to the IT security audit team.
Tnanks.
User Profile . . . . . . . . . . . . . . . : ICA
Previous sign-on . . . . . . . . . . . . . :
Password verifications not valid . . . . . : 0
Status . . . . . . . . . . . . . . . . . . : *ENABLED
Date password last changed . . . . . . . . : 13/09/23 09:29:22
Password is *NONE . . . . . . . . . . . . : *YES
Password expiration interval . . . . . . . : *SYSVAL
Password set expired by command . . . . . : *NO
Block password change . . . . . . . . . . : *SYSVAL
Local password management . . . . . . . . : *YES
User class . . . . . . . . . . . . . . . . : *SECOFR
Creation date/time . . . . . . . . . . . . : 13/09/23 09:29:22
Created by user . . . . . . . . . . . . . : SATID
Change date/time . . . . . . . . . . . . . : 13/09/23 09:29:22
Last used date . . . . . . . . . . . . . . :
Restore date/time . . . . . . . . . . . . :
User expiration date . . . . . . . . . . . : *NONE
User expiration interval . . . . . . . . . : *NONE
User expiration action . . . . . . . . . . : *NONE
Special authority . . . . . . . . . . . . : *ALLOBJ
*AUDIT
*IOSYSCFG
*JOBCTL
*SAVSYS
*SECADM
*SERVICE
*SPLCTL
Group profile . . . . . . . . . . . . . . : *NONE
Owner . . . . . . . . . . . . . . . . . . : *USRPRF
Group authority . . . . . . . . . . . . . : *NONE
Group authority type . . . . . . . . . . . : *PRIVATE
Supplemental groups . . . . . . . . . . . : *NONE
Assistance level . . . . . . . . . . . . . : *SYSVAL
Current library . . . . . . . . . . . . . : ICLUSTER
Initial program . . . . . . . . . . . . . : *NONE
Library . . . . . . . . . . . . . . . . :
Initial menu . . . . . . . . . . . . . . . : MAIN
Library . . . . . . . . . . . . . . . . : *LIBL
Limit capabilities . . . . . . . . . . . . : *NO
Text . . . . . . . . . . . . . . . . . . . : iCluster User Profile
Display sign-on information . . . . . . . : *SYSVAL
Limit device sessions . . . . . . . . . . : *SYSVAL
Keyboard buffering . . . . . . . . . . . . : *SYSVAL
Storage information:
Maximum storage allowed . . . . . . . . : *NOMAX
Storage used . . . . . . . . . . . . . . : 12
Storage used on independent ASP . . . . : *NO
Highest scheduling priority . . . . . . . : 3
Job description . . . . . . . . . . . . . : QDFTJOBD
Library . . . . . . . . . . . . . . . . : QGPL
Accounting code . . . . . . . . . . . . . :
Message queue . . . . . . . . . . . . . . : ICA
Library . . . . . . . . . . . . . . . . : QUSRSYS
Message queue delivery . . . . . . . . . . : *NOTIFY
Message queue severity . . . . . . . . . . : 00
User Profile . . . . . . . . . . . . . . . : ICA
Output queue . . . . . . . . . . . . . . . : *WRKSTN
Library . . . . . . . . . . . . . . . . :
Printer device . . . . . . . . . . . . . . : *WRKSTN
Special environment . . . . . . . . . . . : *SYSVAL
Attention program . . . . . . . . . . . . : *SYSVAL
Library . . . . . . . . . . . . . . . . :
Sort sequence . . . . . . . . . . . . . . : *SYSVAL
Library . . . . . . . . . . . . . . . . :
Language identifier . . . . . . . . . . . : *SYSVAL
Country or region identifier . . . . . . . : *SYSVAL
Coded character set identifier . . . . . . : *SYSVAL
Character identifier control . . . . . . . : *SYSVAL
Locale job attributes . . . . . . . . . . : *SYSVAL
Locale . . . . . . . . . . . . . . . . . . : *SYSVAL
User options . . . . . . . . . . . . . . . : *NONE
Object auditing value . . . . . . . . . . : *NONE
Action auditing values . . . . . . . . . . : *NONE
User ID number . . . . . . . . . . . . . . : 151
Group ID number . . . . . . . . . . . . . : *NONE
User entitlement required . . . . . . . . : Yes
Authority collection active . . . . . . . : No
Authority collection repository exists . . : No
Home directory . . . . . . . . . . . . . . : /home/ICA
User Profile . . . . . . . . . . . . . . . : ICA
(User does not have specific authority to any commands.)
User Profile . . . . . . . . . . . . . . . : ICA
(User does not have specific authority to any devices.)
User Profile . . . . . . . . . . . . . . . : ICA
ASP ----------Object----------- ------------Data------------ List
Object Library Type Device Opr Mgt Exist Alter Ref Read Add Upd Dlt Execute Exclude Mgt
ICA QSYS *USRPRF *SYSBAS X X X X X X X
User Profile . . . . . . . . . . . . . . . : ICA
Total objects . . . . . . . . . . . . . . : 1
ASP Authority
Object Library Type Device Holder
ICA QUSRSYS *MSGQ *SYSBAS
User profile . . . . . . . : ICA
Total objects . . . . . . : 0
ASP ----------Object----------- ------------Data------------ Authority List
Object Library Type Device Opr Mgt Exist Alter Ref Read Add Upd Dlt Execute Holder Exclude Mgt
(There are no objects for this primary group.)
------------------------------
Satid Singkorapoom
IBM i SME
Rocket Forum Shared Account
------------------------------