Profiles starting with Q are usually set up by IBM and come with the recommended default enabled / disabled setting. The password for these profiles should be changed from their default password to something known only to those in IT that need to use the profiles.
Appendix B., IBM-Supplied User Profiles, in the Security Reference manual covers IBM profiles. The general STATUS() default for all IBM profiles is *ENABLED. Table 144 in Appendix B lists differences for each IBM profile for defaults. For example, the QCLUMGT profile is one of those that is supplied as STATUS(*DISABLED).
Note that the default is not the same as what the value ought to be for any profile. If you don't want logons to be processed for an IBM profile, then set it to STATUS(*DISABLED) regardless of any default.
Also note that IBM believes that a number of profiles should not have passwords. For example, the CFGSYSSEC command will set QSYSOPR, QPGMR, QUSER, QSRV and QSRVBAS to PASSWORD(*NONE) because they should not be logged onto except in unusual circumstances.
Last Wiki Answer Submitted: June 22, 2010 12:30 am by Teandy5,830 pts.