A couple of things to be aware of.
You say allow the command is to allow a user to reset "their" password... all they need to do is use the command CHGPWD.
I notice in the command that you are also enabling the profile - this would not be required for someone to change their own password as they'd have to be signed on to run the command and, by default, their profile would be enabled.
If you expecting users to run this command for other users, you need to be very careful who you give the access to. To change another persons profile requires elevated authority over the profile being amended and it's usual that the person doing the reset should not always have elevated authorities so it is usually done by changing the program to run under the owners authority and change the owner of the program to a profile with suitable authorities to amend other profiles.
A word of caution with this type of command is that you should build in some validation checks to stop the user from resetting the password of profiles with even more authority - eg. QSECOFR. For example, assuming your general users don't have many special authorities (maybe *SPLCTL and *JOBCTL), your code could retrieve the special authorities of the target profile and see if they have anything more than one of your general users. If the target profile does, then reject the request to reset the password.
We have developed a CL program for our service desk, with a display screen - not just directly using the CHGUSRPRF command so, for our errors, we set an indicator and display a message to the user. In the sample code below, you could just send the user a message directly instead of setting an indicator.
Also, we retrieve the group and supplemental groups and make sure the target user is in a specific group. You don't need to do that, it's just something specific that we do.
Tony.
/* Retrieve user profile details */
RTVUSRPRF USRPRF(&P1USER) SPCAUT(&P1AUT) +
GRPPRF(&P1GRP) TEXT(&P1TEXT) +
USRCLS(&P1CLAS) PWDEXP(&P1EXP) +
STATUS(&P1STAT) SUPGRPPRF(&P1SUPGRP)
/* See if user has *ALLOBJ authorities - set on error - IND 82 */
CALL PGM(QCLSCAN) PARM(&P1AUT &STRLEN &STRPOS +
'*ALLOBJ' &PATLEN &BLANK &BLANK &BLANK &RESULT)
IF COND(&RESULT *NE 0) THEN(DO)
CHGVAR VAR(&IN82) VALUE('1')
GOTO CMDLBL(DISPLAY)
ENDDO
/* See if user has *SECADM authorities - set on error TD002 - IND 82 */
CALL PGM(QCLSCAN) PARM(&P1AUT &STRLEN &STRPOS +
'*SECADM' &PATLEN &BLANK &BLANK &BLANK &RESULT)
IF COND(&RESULT *NE 0) THEN(DO)
CHGVAR VAR(&IN82) VALUE('1')
GOTO CMDLBL(DISPLAY)
ENDDO
/* See if user has XXGRPXX in Sup.Group or group profile */
CALL PGM(QCLSCAN) PARM(&P1SUPGRP &STRLEN2 &STRPOS +
'XXGRPXX' &PATLEN2 &BLANK &BLANK &BLANK &RESULT)
IF COND(&RESULT *EQ 0 *AND &P1GRP¬='XXGRPXX') THEN(DO)
CHGVAR VAR(&IN71) VALUE('1')
ENDDO
------------------------------
Tony Davis
------------------------------
Original Message:
Sent: Fri September 01, 2023 08:32 AM
From: Michael Ruth
Subject: CL Program Error
Hello everyone
I am having an issue with a CL program that allows a user to reset their password. So when I run the command, in this case, RESETPWD, I get an error at the CHGUSRPRF command. I have the declared value, &USRPRF, but the command is expecting a specific user profile. How do I code this so any user can run the command and be able to change their password?
------------------------------
Michael Ruth
------------------------------