MIDRANGE dot COM Mailing List Archive



Home » SECURITY400 » August 2001

Re: user profile question



fixed

> I would think that QSTRUP must be running with QSECOFR authority since it
> tends to do a lot of things QPGMR normally doesn't have access to.  But
> that's just a guess.
QPGMR is the profile for the QSTRUPJD (job description) that runs the
starting
job. QSECOFR has nothing to do with it. *public is excluded from the jobd,
and
you don't want to give this process ALL authority and let your pgmrs change
it!
jim franz

----- Original Message -----
From: "Jim Langston" <jlangston@celsinc.com>
To: <security400@midrange.com>
Sent: Tuesday, August 21, 2001 12:18 PM
Subject: RE: [Security400] user profile question


> Honestly, I don't think it really matters who owns the user profiles.
>
> In a strict security situation, it would be the one profile you create to
do
> security officer functions.  It has been advised to create a new user
> profile with QSECOFR authority and use that user profile for security
> issues, only using QSECOFR when you have to, and to create this account.
>
> I think the biggest reason behind this is because if you only have QSECOFR
> authorized to administer accounts and you hose the QSECOFR account you're
> going to wind up booting to DST to get the profile back.  If you have 2
> profiles if one gets hosed you can fix it with the other.
>
> When you create a new user and a new user profile, you own the account.
>
> As for QSTRUP, I'm not sure.  I just know in the company I administered my
> account owned it, since it was my account that modified and maintained it.
> Never considered any ownership implications on it.
>
> I would think that QSTRUP must be running with QSECOFR authority since it
> tends to do a lot of things QPGMR normally doesn't have access to.  But
> that's just a guess.
>
> As for what to read, there should of been a book that came with your
AS/400
> or your OS, don't' remember which, called "Securing your AS/400" or
> something very similar.  That's a good starting point and I had read it
> cover to cover, although admittedly I didn't do 100% of the things in it,
> just 90% or so.
>
> Regards,
>
> Jim Langston
> Programmer/Analyst
> Cels Enterprises, Inc.
>
> -----Original Message-----
> From: security400-admin@midrange.com
> [mailto:security400-admin@midrange.com]On Behalf Of
> gcrane@johansonmfg.com
> Sent: Tuesday, August 21, 2001 3:21 AM
> To: security400@midrange.com
> Subject: [Security400] user profile question
>
>
> I am here and certainly no guru.  I need all the help I can get.  :-)
>
> I have a couple of questions:
>
> 1.   regarding user profiles......who should own them?   The administrator
> of
> our company or QSECOFR?
>
> 2.  QSTRUP - who should own this?  and who is running it at IPL time -
QPGMR
> or
> QSECOFR?
>
> Thanks for any direction on this.  Where/what should I be reading?
>
> _______________________________________________
> This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
> To post a message email: Security400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/security400
> or email: Security400-request@midrange.com
>







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact