You also should make sure programs are not adopting her authority because
moving them to another profile with different authorities will break
things.
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Chris Bipes
Sent: Monday, October 20, 2014 10:37 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Delete powerful profile that owns everything
Don't know about best practice but we try to create an owner for each
application. We make QSECOFR the owner for all user profiles. (Probably
not the best practice.) The IFS gets to be a real pain.
I would create a service account for the sys admin and change owner to it as
a temporary stop gap until you can formalize a plan that satisfies you and
the auditors and then start changing ownership of the service account owned
objects. (Service accounts should not have a password and initial program
be signoff.)
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
Sent: Monday, October 20, 2014 7:30 AM
To: Midrange Systems Technical Discussion
Subject: Delete powerful profile that owns everything
This is more of a discussion than a question.
Auditors are requiring we remove profiles for former employees, and we
recently lost our Sys Admin of ten years... and she owned "almost"
everything.
I already knew it was not a healthy setup, but the question is what form to
change to.
The removal of the profile has the option to reassign the ownership.
There are several package apps and inhouse apps.
The "Q" profiles do not own stuff except where the IBM product has a profile
(like IBM Content Manager). Most of the products do have a profile.
We can create a profile to install/upgrade and own.
Also finding her profile in products using ftp..
Best practice?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact copyright@midrange.com.