midrange-l-request@xxxxxxxxxxxx wrote:
5. Re: Installing 3rd Party Software using QSECOFR (Dave Schnee)

This is in response to many posts about requiring QSECOFR authority to install a software package and why that's always absolutely terrible and unnecessary. Sometimes, it is needed. We market a product that requires QSECOFR authority to install. We are not IBM.
Dave: I don't mind hearing about valid exceptions; it'll be a long time before I know everything. Perhaps it would be worthwhile to supply a general description of the need and involved objects to security/auditing companies such as my employer. We could, for example, possibly add your objects to lists of exceptions that we distribute inside of our ComplianceMonitor product. We are looking at various default "templates" for a lack of a better term. Companies that have your products might then be able simply to click on a "Barsa Consulting" block and have it automatically included in the exceptions they allow rather than needing to contact you and enter a list manually.
We include a section in our technical manual entitled "Show this section to your security auditor" - because we're proud of the way we have handled security issues to provide full capabilities without security exposure.
<snip general discussion of multiple needed authorities>
We also run in multiple partitions of a System i server and propagate our own software updates, when installed, from one partition to another and automatically reinstall the upgrade for the user's convenience.
Multi-system/LPAR/single-hardware-platform and control over all data transfer encryption -- certainly candidates for QSECOFR though I haven't heard specific examples. The LPAR management stuff is definitely outside my day-to-day though. If you know particular examples for QSECOFR requirement, it'd be a service to everyone else to let us know what they are.

While needing a number of special authorities makes the use of QSECOFR convenient, it might also be convenient for customers to use a separate *SECOFR profile. But if a requirement exists, general education is best, IMO. Most often to me, that means discussion on this list.

I use IBM's Software Product APIs to create, save, restore, delete and license some of our products, including licensing by LPAR. And it takes a bunch of special authority to install many of our products for many of the same reasons you listed. But I haven't seen a requirement for QSECOFR yet. I'm always willing to learn.

Tom Liotta