Previous Topic: Shipment or Owning ProfilesNext Topic: Implementation of Security

Work Management StandardsUser Profile and Security StandardsUser ProfilesSecurity Officer Profile

Security Officer Profile

You should try to use QSECOFR as little as possible. It should only be necessary to use it to administer profiles and to resolve authorization problems.

The security officer should regularly change the QSECOFR password. In order to ensure that it is always possible to obtain access to the machine as a security officer, you can use the following technique:

  1. Create a special subprofile of QSECOFR, for example USECOFR.

    CRTUSRPRF USRPRF(USECOFR) PASSWORD(NEVERMORE) INLPGM(QCL) + GRPPRF(QSECOFR)

    Record the password to this profile in a secure place, for instance, in a safe at the bank. Do not use the profile except in emergencies.

  2. In the event of an emergency, (for example, loss or unavailability of QSECOFR), the profile can be used to determine the QSECOFR profile, or to reset the password.