Secure the qsecofr profile

pts.
Tags:
Security management
We are looking for a way to secure the qsecofr profile, more specifically, limit who can change the password. Certain applications on our system require intermittent use of the qsecofr profile, by users with SECADM and ALLOBJ, making it difficult to keep Qsecofr secure when mutable users can change the password. I have looked at an exit point ?CHGP0100?, but don?t see that we can prevent changes to a given profile. Any suggestions will be appreciated. Thank you, Mark
Asked: Last updated:
Related Questions
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

why not assigned only certain users to hv those authorities? create something like trigger whenever user use the “CHGUSRPRF” command. Or secure the “CHGUSRPRF” command by a user group (or userid like your own userid) and limit the users who can have access to this command.

in as400 everything is an object, so search for the “CHGUSRPRF” object and add an authority list on top. Take out the special authorities from all those irresponsible users and realigned who can be given those authorities in their as400 profiles

if everybody screams go to your boss and push through a “reform”

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Tbfleet
    Is it possible for you to modify those applications requiring qsecofr to adopt qsecofr privledges. This way you do not need to know the qsecofr password or be signed on as qsecofr.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: