1.  Home
  2. MIDRANGE-L
  3. February 2004

RE: Can We retire the QSECOFR userid?

I responded with a broader context than your question - mea culpa.

So I was thinking of a (very) few *SECOFR profiles in a shop - then you have an audit trail by user. Or implement a command that swaps a user or developer to a *SECOFR profile, authorized in a controlled fashion, and auditing turned on for the duration of the command execution. The commands does a CALL QCMD or QUSCMDLN (I suppose) and removes the extra authority upon exit.

Later
Vern

At 08:33 AM 2/10/2004 -0500, you wrote: 
1)  You've got a real problem if everything stayed owned by QSECOFR or
MYSECOFR.  Especially programs.
2)  So, if everyone is using MYSECOFR instead of everyone using QSECOFR,
how does that help your audit trail?

Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





Vern Hamberg <vhamberg@xxxxxxxxxxxxxxxxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
02/09/2004 06:17 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc

Fax to

Subject
RE: Can We retire the QSECOFR userid?






I can think of a couple reasons not to use QSECOFR all the time:

1. Object ownership - it might be possible to exceed the limits on number
of objects owned

2. Audit trail - using the generic IDs means you have no idea who did what

to whom

Vern

At 04:49 PM 2/9/2004 -0500, you wrote:
>Does anyone really see a difference between having the generic QSECOFR or
>a generic MYSECOFR with the same authorities?  Granted, there are some
>very limited applications where you must be QSECOFR, (ptf's ain't one of
>them).  But does creating the MYSECOFR give you any additional security?
>None that I can think of.  Oh, I suppose you could disable QSECOFR and
>then a hack trying it would have a bear of a time getting in.  But, other
>than that?  If so, why bother?
>
>Rob Berendt


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.