Handling account attributes
You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select IBM OS/400 Server from the Manage the system > Resources > Account attributes > Target system type menu.
This section describes the pseudo-attributes that Bravura Security Fabric uses to compose values, set flags, or control behavior on OS/400. For information about the native OS/400 attributes managed by Bravura Security Fabric , consult your OS/400 documentation.
Deleting accounts
When Bravura Identity deletes an OS/400 account, the following pseudo-attributes define how to handle owned objects:
_homedir_option There are three possible options for deleting an account with owned objects:
*nodlt- don’t delete the account if the user has any owned objects.delete- delete both the owned object and the account.changeowner- change ownership of the objects and delete the account. If this option is defined, the sup_homedir_option pseudo-attribute must be set to the user name of the recipient account.If no action is defined for _homedir_option , the default action is
*nodlt.
sup_homedir_option Specifies the new owner for orphaned objects. This pseudo-attribute must be defined if _owned_object_option is set to changeowner.
Bravura Security Fabric respects the account deletion rules of OS/400 and will not delete accounts if, for example the user profile is the primary group for any object. Also, certain types of objects such as *LIB, *DIR, or *RCT are not deleted, but transferred to the QDFTOWN account upon deletion of their original owners.