× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Wayne Evans (www.woevans.com) has a list of IBM supplied profiles that he recommends setting to *None. You can even email him from there about almost any security question.


Setting an IBM supplied profile to expired will, as Joel says, cause jobs to crash and burn. There are tons of server jobs that use these profiles so you could, effectively, bring your system to its proverbial knees by disabling or expiring them.


Carole Woodbury (www.skyviewpartners.com) is another iSeries security expert that you might check with.


I mention both Wayne and Carole because, while the answers from this list might satisfy you, my experience has been that auditors want something "authoritative." Wayne and Carole formerly designed iSeries (AS/400) security while with IBM. They currently consult and teach security (and security auditing).

Pat Botz at IBM Rochester would be another "authoritative" reference. I think Pat monitors the forum from time-to-time so he may chime in soon.


        * Jerry C. Adams
*iSeries Programmer/Analyst
B&W Wholesale Distributors, Inc.* *
voice
        615.893.8633x152
fax
        615.995.1201
email
        jerry@xxxxxxxxxxxxxxx <mailto:jerry@xxxxxxxxxxxxxxx>



Harvell, Joel wrote:

If you set a user profile to *disabled it will cause programs that use
that user profile to fail.
Not sure of the wisdom of setting any of the IBM Supplied user Profiles
to password = *none.  I'm hoping that you haven't set any of the User
Profiles that have *secadm access set to *none.  Have your SOX auditors
called you to the carpet for that.
If you are using any of the IBM Supplied user profiles to run scheduled
jobs, I would recommend setting up clones of those user profiles so that
you can disable your IBM supplied User Profiles, if your SOX Auditors
recommend that.

Joel B. Harvell
Food Lion, LLC
(704) 633-8250 x2709
jbharvell@xxxxxxxxxxxx

-----Original Message-----
From: midrange-l-bounces+jbharvell=foodlion.com@xxxxxxxxxxxx
[mailto:midrange-l-bounces+jbharvell=foodlion.com@xxxxxxxxxxxx] On
Behalf Of Greg Wenzloff
Sent: Wednesday, January 25, 2006 8:56 AM
To: midrange-l@xxxxxxxxxxxx
Subject: User profile question

Our SOX auditors are hounding me about User Profiles.    I set most of
the IBM supplied profiles to Password = *none.   I did not change the
Status to *Disabled because I don't know about all of the effects of
doing that.

The help window says:
Status - Help Specifies whether the user profile is valid for sign on or for getting a profile handle. The possible values are: o *ENABLED: The user profile is valid. o *DISABLED: The user profile is not valid.
What does "getting a profile handle" mean?    Will a disabled profile
prevent programs from running?

Greg



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.