iSeries – Can I have a program that can read QSYSOPR msgq and execute a pgm?

Hi there; If QSECOFR is disabled, and I get the corresponding CPF1393 (thanks PaulThomas) message id in QSYSOPR, then: - Is there a way to automatically re-enable it? - Maybe by a PGM? - I thought of a once a day to read QSYSOPR, search for CPF1393, if text contains QSECOFR, then reset it. Is this what you would do? Thanks to all Bruno (aka Mutkey)

Answer Wiki

Thanks. We'll let you know when a new response is added.


First of all I would query who is using QSECOFR and why it is being disabled regularly (I presume it is, as you want to scan for the message on a daily basis).

As QSECOFR is the ultimate profile on the 400, I would strongly recommend you restrict it’s usage.

However, if for whatever reason you need to use it regularly and it is becoming frequently disabled, I would not go to the effort of writing a pgm, I would simply use a scheduler (IBM supplied, Robot, etc) to perform a CHGUSRPRF QSECOFR *ENABLED on a pre-defined basis.

If QSECOFR is not disabled, nothing will change but if it is…..!!!


Automatic re-enablement of <b>any</b> profile other than perhaps a designated GUEST profile with strong controls is a seriously risky process. Any auditor who saw such a process should order it shut down immediately. Why have a disabling process if it’s simply going to be automatically re-enabled?

Any re-enablement should wrapped in an appropriate challenge/response proc.

Further, for QSECOFR in particular, there is no point to it. It <i>should</i> be disabled and it should stay that way most of the time.


I agree with the above comments as to investigating why QSECOFR is being Disabled,
But another option is to use Management Central, Message Monitors. You can set this up to monitor for the CPF message in Qsysopr and it will execute a trigger program that could Enable the Qsecofr Profile.

Hope this helps,

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • TheQuigs
    You can monitor any message queue by using a Break Handling exit program. Here's the URL for the V5R2 Information Center: and for the V5R3 Information Center: Then you use would issue a CHGMSGQ QSYSOPR *BREAK PGM(yourlib/yourpgm)
    0 pointsBadges:
  • JPLamontre
    if you reroute qsysopr msgq to a user program, you can have side effects when logging with qsecofr. for a sample of break-message receiver, look at for a sample of regular-basis qsysopr inspection, look at my qsysopr supervisor
    0 pointsBadges:
  • WoodEngineer
    Check out the Start Watch (STRWCH) command. It allows you to watch for specific messages and take an action of your choice. Once started, it just keeps running until you end it. One of the recent newsletters included a program to re-enable a user profile when disabled by watching for the exact message you mentioned. As suggested above, we use it to watch for a common user profile many people use to log into the system to enter their time. These folks can only do that one function so it is safe to auto re-enable the user profile. In your case, you could use the data retrieved to learn exactly when QSECOFR became disabled and who triggered it. As others have said, just re-enabling QSECOFR is not the answer. It is important to find out who is trying to use QSECOFR and stop them. Maybe someone has a script that tries to log on as QSECOFR with an old password. I don't know when STRWCH was introduced. We are running it on a V5R4 system.
    8,225 pointsBadges:
  • Splat
    I'd suggest creating the QSYSMSG message queue in QSYS - messages about profiles being disabled will go there rather than to QSYSOPR. Monitoring that queue, either manually or via a program, would be easier. I would never set up a job to automatically re-enable QSECOFR - it's an invitation to trouble.
    12,855 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: