Re: programmers using qsecofr or qsecaadm to run programs?
- From: "gary" <ihatespam_dontspamme_@xxxxxxxxxxx>
- Date: Wed, 22 Feb 2006 08:30:17 -0500
thanks for the info.
I think it is one of those deals where "its always been done that way",
probably setup by someone who isnt even here now.
gary
<jsev99@xxxxxxxxxxx> wrote in message
news:1140556134.159491.277280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gary wrote:
I found that several of our programmers are logging in as qsecadm or
qsecofr
or an account with those rights to run certain programs like EDI and
month
end backups.
wouldnt these be instances were they should use adoptive authority?
For backups, I can not see any reason for requiring these profiles.
They should be using an ID with *SAVSYS authority which I would have
thought would be sufficient for performing backups.
As for EDI, don't know what that is. However, if your applications are
secured appropriately, there should be no need to use a QSECOFR like
profile for anything. These types of IDs give people free rein on the
system so they most certainly should not be using them. It also means
you will have no idea who actually performed the tasks which makes
auditing difficult.
.
- Follow-Ups:
- Re: programmers using qsecofr or qsecaadm to run programs?
- From: jsev99
- Re: programmers using qsecofr or qsecaadm to run programs?
- From: arrowcomputer
- Re: programmers using qsecofr or qsecaadm to run programs?
- References:
- Prev by Date: transport As/400 620 from toronto to US in personal vehicle
- Next by Date: HOW TO TELL TIME OF POWER FAILURE
- Previous by thread: Re: programmers using qsecofr or qsecaadm to run programs?
- Next by thread: Re: programmers using qsecofr or qsecaadm to run programs?
- Index(es):
Relevant Pages
|
Loading
