× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Is there a record in the security audit journal that would show adopting
authority to a specific profile?

btw - We are fairly tight on exit procedures and no exiting
person's profile should be still active by the time they leave the
building.
We did a reset of QSECOFR profile, HMC , etc.
It was a friendly exit.
Jim


On Mon, Oct 20, 2014 at 11:05 AM, John R. Smith, Jr. <smith5646@xxxxxxxxx>
wrote:

You also should make sure programs are not adopting her authority because
moving them to another profile with different authorities will break
things.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Chris
Bipes
Sent: Monday, October 20, 2014 10:37 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Delete powerful profile that owns everything

Don't know about best practice but we try to create an owner for each
application. We make QSECOFR the owner for all user profiles. (Probably
not the best practice.) The IFS gets to be a real pain.

I would create a service account for the sys admin and change owner to it
as
a temporary stop gap until you can formalize a plan that satisfies you and
the auditors and then start changing ownership of the service account owned
objects. (Service accounts should not have a password and initial program
be signoff.)

Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim
Franz
Sent: Monday, October 20, 2014 7:30 AM
To: Midrange Systems Technical Discussion
Subject: Delete powerful profile that owns everything

This is more of a discussion than a question.
Auditors are requiring we remove profiles for former employees, and we
recently lost our Sys Admin of ten years... and she owned "almost"
everything.
I already knew it was not a healthy setup, but the question is what form to
change to.
The removal of the profile has the option to reassign the ownership.
There are several package apps and inhouse apps.
The "Q" profiles do not own stuff except where the IBM product has a
profile
(like IBM Content Manager). Most of the products do have a profile.
We can create a profile to install/upgrade and own.
Also finding her profile in products using ftp..
Best practice?

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.