Restoring user profiles

You can restore a single user profile, a list of user profiles, or all user profiles. You restore a user profile to move a user from one system to another system and to recover a damaged user profile.

You can use the *NEW value on the USRPRF parameter of the Restore User Profiles (RSTUSRPRF) command to restore only user profiles that are new to your system.

If you restore all user profiles, their password and group connections are restored. If you restore new user profiles or individual user profiles, you can specify SECDTA(*PWDGRP) to restore their passwords and group connections.

You might also find the *NONE value beneficial if you only want to restore the data needed to verify signatures, and not all of the actual user profiles.

The OMITUSRPRF parameter allows you to limit the number of user profiles you restore. You can specify a list of up to 300 specific or generic user profile values that will not be restored. This value is helpful if you are restoring a subset of user profiles.

The SAVASPDEV parameter allows you to limit the private authorities that are restored based on auxiliary storage pools.

When you restore all user profiles, the Digital Certificate Manager (DCM) data and function usage information are restored unless you specify a value on the OMITSECDTA parameter. If you want to omit DCM data from the restore, specify the *DCM value on the OMITSECDTA parameter on the RSTUSRPRF command. To omit authority lists, specify the *AUTL value on the OMITSECDTA parameter. To omit function usage information, specify *FCNUSG on the OMITSECDTA parameter.

The following values are useful if you are merging user profiles from multiple systems onto a single system:

*NEW value on the USRPRF parameter
*PWDGRP value on the SECDTA parameter
*DCM, *AUTL, *FCNUSG values on the OMITSECDTA parameter

Note: You cannot delete an IBM-supplied user profile if it is damaged. You must restore the operating system again by way of an abbreviated install to recover a damaged IBM-supplied user profile.

Table 1. How user profiles are restored
Method	Restricted state?
RSTUSRPRF command ^1,3	No
Restore menu option 8 ^1,3	No
Restore menu option 21 ^1,2	Yes
Restore menu option 22 ^1,2	Yes
Restore menu option 23 ^1,2	Yes
¹ You must have SAVSYS special authority. You must have ALLOBJ special authority to specify a value other than NONE on the ALWOBJDIF parameter. ² These menu options restore all user profiles. ³ You need to put the system in a restricted state if you specify USRPRF(ALL).

Do this to restore all user profiles

Sign on as QSECOFR.
Ensure that the system is in a restricted state.
Find the most recent media volume that has your user profiles. It might be a SAVSYS volume or a SAVSECDTA volume. The name of the file on the media volume is QFILEUPR.

If you are using a SAVSYS media volume, type the following command:


RSTUSRPRF DEV(media-device-name) USRPRF(*ALL)
          ENDOPT(*LEAVE)

If you are using a SAVSECDTA media volume, type the following command:


RSTUSRPRF DEV(media-device-name) USRPRF(*ALL)
          ENDOPT(*UNLOAD)

In this example, the user profiles are copied from the source system to the target system without affecting the Digital Certificate Manager (DCM) setup and signature verification store on the target system.

Table 2. Copying user profiles without affecting the Digital Certificate Manager information
Source system	Target system
`SAVSECDTA`	`RSTUSRPRF USRPRF(ALL) OMITSECDTA(DCM)`