Q
Manage Learn to apply best practices and optimize your operations.

Set QSECOFR for limited devices

Our departmental site has V4R5. The company is large, but our staff is small (one person wearing many hats). Auditing wants to set the QSECOFR to be able to sign only on to a limited number of devices. However, all network workstations, controlled by the company IT department, are dynamically assigned (except for the console). How is this to be done when the users are 'assigned' a device when they sign on?

I'm assuming that your auditors want you to use the QLMTSECOFR system value. If you turn it "on" that means that users with *ALLOBJ and/or *SERVICE special authority can only sign on devices to which they have been given explicit authority of *CHANGE. You can give QSECOFR *CHANGE authority to specific devices and then all *ALLOBJ or *SERVICE users can sign on the device. However, as you point out, this is very difficult when you are using DHCP. In your case, the only way you can implement this is to use "named devices." That is, instead of QPADEV*, a TELNET exit program assigns an actual device name to the session. Then you can grant authority to that device. Otherwise, you have to grant authority to all virtual devices and that defeats the purpose. I believe there is an example of this type of exit program here.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: Tips, tutorials and more.

Search400.com's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Read this Search400.com Featured Topic: Secure your iSeries


This was last published in October 2002

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

Close