× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2004

RE: Can We retire the QSECOFR userid?

This should be doable.  Our QSECOFR profile has not been used in years,
other than to upgrade the O/S.  I'm not sure if you could use a QSECOFR
equivalent for this, I've never tried.  IIRC, in a D/R situation you reset
the QSECOFR password as soon as the O/S is restored so you would not need it
in that case.  You might need a DST profile with O/S install authority
though, but that would be machine specific.

Option 2 is the most likely pitfall.  I always use a QSECOFR equivalent when
this is specified; I don't recall anything failing to install but I've heard
that some products will.

In our case no one here knows the QSECOFR password.  I and my backup have
the authority to change it, and two others have access to a command line
with adopted QSECOFR authority, so they could change it if they had to.

Regards,

Scott Ingvaldson
AS/400 System Administrator
GuideOne Insurance Group

-----Original Message-----
date: Fri, 6 Feb 2004 11:48:31 -0800
from: "John Earl" <john.earl@xxxxxxxxxxxxx>
subject: Can We retire the QSECOFR userid?

I was wondering.

 

Is it possible for an individual shop to retire the QSECOFR
ID and never, ever use it again?  The idea goes something
like this.

 

1.      Duplicate the QSECOFR ID and Call the new one
ZSECOFR.  Use ZSECOFR (or other functional equivalents) for
all administration features that require enhanced authority.
2.      Have someone like the CEO change the QSECOFR
password and put the password in a safe so that it is never
used.

 

If you did that, what functions would you ever need to open
the safe for?  So far I can think of only two.

 

1.      If all of your other *ALLOBJ profiles were disabled
and you could only reset them with QSECOFR (not likely, but
possible) 
2.      If some stupid software vendor hard-codes into their
product that you must use "QSECOFR" to install or change
something (It happens, but still, this should be a rare
event.  And with the right software vendors, it may never
happen).

 

Am I missing any others?  Is there something obvious that I
am overlooking?  

 

Your thoughts on the topic are kindly appreciated.

 

jte

 

--

John Earl | Chief Technology Officer
The PowerTech Group

19426 68th Ave. S
Seattle, WA 98032
(253) 872-7788 ext. 302
john.earl@xxxxxxxxxxxxx
 <http://www.powertech.com> www.powertech.com 
   
This message and accompanying documents are covered by the Electronic
Communications Privacy Act, 18 U.S.C. §§ 2510-2521, and contains information
intended for the specified individual(s) only. This information is
confidential. If you are not the intended recipient or an agent responsible
for delivering it to the intended recipient, you are hereby notified that
you have received this document in error and that any review, dissemination,
copying, or the taking of any action based on the contents of this
information is strictly prohibited. If you have received this communication
in error, please notify us immediately by e-mail, and delete the original
message.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.