Work with QSECOR-Profile
[*]SECOFR authority may be given to other profiles. If it is necessary, do this, and do not use QSECOFR except in the case of product or release installations, where the instructions specifically state "Sign on as QSECOFR". Dave

Work with QSECOR-Profile

Having suffered the wagging finger of many an auditor I would question very carefully the need for anyone on a production system to have the need for *SECOFR access on other than a maintenance/emergency basis. Nine times out of ten people use QSECOFR because object authority hasn't been set up properly.

Work with QSECOR-Profile

Being a Security Officer, I'll give you my 2 cents on this. There are system functions I use daily that require the use of QSECOFR, including writing utilities. I only use it when absolutely necessary. I also am the system administrator so I'm authorized to use the profile. Only ONE other person has access to the profile and that is my boss, and he never uses it. Programming staff should not need or have access to QSECOFR. There is nothing in their daily routines that would require it. If they need something that they don't have access to then a request to the security officer/administrator should be given with a detailed reason. The Security Officer should either grant authority to what is needed for them or make copies into their libraries (or a development system). My normal profile does not have the authority QSECOFR has. I would find out what they were doing and why. But first I would change the password for QSECOFR and only give it to those people that should have it (CIO - put it in a safe, Boss - as a back-up to you).

Work with QSECOR-Profile

Glen, Just curious. What system functions do your use daily, and what utilities do your write, that requires the QSECOFR user-id? I have always used a personal *SECOFR user-id for all system and security activities. As far as I can remember, I only need QSECOFR to do scratch installs and to set up my personal user-id.