Manage Learn to apply best practices and optimize your operations.

The scoop on SECOFR user IDs

The scoop on SECOFR user IDs

I'm the information security officer for a local bank and I have run into an issue regarding SECOFR user IDs. Here's my scenario: The IS people have assigned QSECOFR user IDs to two of my users for the sole purpose of resetting user IDs when there is an issue with a password. I read somewhere that there is a "SecureAdmin" User ID that can be established on OS/400 environment that allows the user to only reset passwords and such. Can you provide me any insight to this issue?
Users definitely do not need to be given "QSECOFR" IDs just to administer profiles. You must give the administrators *SECADM special authority. This is required to create, change, delete, etc user profiles. (*ALLOBJ special authority is NOT required.) This should be all they need to administer profiles. However, problems will arise if more than one individual needs to administer (e.g., reset passwords for) the same set of user profiles. If one administrator creates a profile, the other administrator will not have authority to administer the profile. So you can do one of two things -- create a profile whose purpose in life is to own profiles –- I'll call it PROFOWN. Then create a CL program that administrators run. The program is owned by and adopts PROFOWN. Within the CL program, the profile is created and then the ownership is transferred to PROFOWN. Other tools can then be created that adopt PROFOWN that will reset passwords and enable profiles. This way, no user owns the profiles and tools can be written to allow maintenance. Another method is to have the user profiles owned by the group profile that the users administering profiles belong to. Having the administrators' group own the profiles provides the ability for any member of that group to have sufficient authority to be able to manage the profiles.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.