× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2008

Rép. : RE: How do you manage your QSECOFR profile and other Q profiles?

Since you all have powerfull profiles (I guess powerfull enough to
change the password of QSECOFR if needed), I recomend assining random
password to all Q profiles that allow it.

If you need to use QSECOFR (for os upgrade or the like), you change
it's password for the duration of the task and the randomize it again.

That is what we do here. Sure beats putting the password in an
envelope.

Denis Robitaille
Directeur services technique TI
819 363 6130

SUPPORT
Jour (EST) Daytime : 819-363-6134
En-dehors des heures (EST) After hour : 819-363-6158
Network Status : 819-363-6157

"Chris Bipes" <chris.bipes@xxxxxxxxxxxxxxx> 2008-08-11 15:52 >>>
We do not use any of the Q profiles unless we absolutely need to.
Only
one person knows QSECOFR, me, and I check it once in a while to see if
someone changed the password. I have 3 operators that can change it
if
need be so there is no reason to write down the password and place in
safe. Though that is an accepted practice. I don't think we have
ever
signed on as QSYSOPR, at least since I have taken over the department.
I would not worry about the 90 day expiration on the unused profiles.
Just set a strong password and forget about it. But make sure you
have
it if you need it, though I have been using the AS400 since 1988, I
have
never HAD to sign on as QSECOFR except to install third party
software.
Now I question why QSECOFR and usually do not for software installs.

Just remember to audit the use of all the Q profiles and check to see
if
someone is abusing them.




Chris Bipes
Director of Information Services
CrossCheck, Inc.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Burns, Bryan
Sent: Monday, August 11, 2008 12:40 PM
To: MIDRANGE-L@xxxxxxxxxxxx
Subject: How do you manage your QSECOFR profile and other Q profiles?

We have a small shop and the five of us - two developers, an
administrator, a manager and a VP - all have powerful enough profiles
that we rarely need to sign on as QSECOFR or any other Q profile.

Because of the powerful profiles we have, we don't really have a
policy
on usage of the QSECOFR profile but I need to write a policy and
manage
the QSECOFR profile properly. What's the best practice here? Should
just one person know it and keep it a record of it in the safe, so if
he's not here, someone can at least get at it?

What about changing it? It seems kind of senseless and error prone to
change it every ninety days in accordance with the rest of our policy
if
it hasn't been used in 90 days.

QSYSOPR hasn't been used since August 2000. Do any of you use the
QSYSOPR profile? I'm thinking the administrator (that'd be me) should
start using it as a day to day profile just for tracking purposes.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.