John:

That's exactly what I've done at every site before the one I work at now. (It's not my responsibility here.)

The only two issues I ever ran into were:

1. Vendors with install instructions requiring QSECOFR.
2. IBM install instructions requiring QSECOFR.

In case #1, there was only one significant instance of a vendor being unwilling to change their procedure. Since there was no valid requirement for it, and since they would not provide me with what I requested before approving the installation, and since I was in the official Security Officer position at a government site, and since higher management overrode my objection and directed me to install anyway, I turned in my resignation two days later. (The eventual results were extremely amusing to me.)

In case #2, IBM regularly requests PTFs, etc., to be done under QSECOFR, at least up until a year or two ago. Haven't been involved with that much lately.

Obviously QSECOFR can be needed for certain DST/SST recovery options kinds of things, as you mentioned. But I've seen no need for it otherwise, except for the two cases above, in some 15 years now.

Tom Liotta

p.s. You coulda just paged me.

midrange-l-request@xxxxxxxxxxxx wrote:

> 10. Can We retire the QSECOFR userid? (John Earl)
>
> Is it possible for an individual shop to retire the QSECOFR
> ID and never, ever use it again? The idea goes something
> like this.
>
> 1. Duplicate the QSECOFR ID and Call the new one
>    ZSECOFR. Use ZSECOFR (or other functional equivalents) for
>    all administration features that require enhanced authority.
> 2. Have someone like the CEO change the QSECOFR
>    password and put the password in a safe so that it is never
>    used.
>
> If you did that, what functions would you ever need to open
> the safe for? So far I can think of only two.
>
> 1. If all of your other *ALLOBJ profiles were disabled
>    and you could only reset them with QSECOFR (not likely, but
>    possible)
> 2. If some stupid software vendor hard-codes into their
>    product that you must use "QSECOFR" to install or change
>    something (It happens, but still, this should be a rare
>    event. And with the right software vendors, it may never
>    happen).
>
> Am I missing any others? Is there something obvious that I
> am overlooking?

--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone 253-872-7788 x313
Fax 253-872-7904
http://www.powertech.com
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.