IBM i : Limit Security Officer (QLMTSECOFR) - '1'

Information

The Limit Security Officer (QLMTSECOFR) system value controls whether a user with all-object (*ALLOBJ) or service (*SERVICE) special authority can sign on to any workstation. Limiting powerful user profiles to certain well-controlled workstations provides security protection.

Solution

Set QLMTSECOFR to 1, so that a user with *ALLOBJ or *SERVICE special authority can sign on at a workstation only if that user is specifically authorized (that is, given *CHANGE authority) to the workstation or if user profile QSECOFR is authorized (given *CHANGE authority) to the workstation. This authority cannot come from public authority.
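
The CL sequence below is an added example, not part of the original audit item: it grants explicit *CHANGE authority on one controlled workstation before enforcing the value, then verifies both. DSP01 (a workstation device description) and SECADMIN (a profile holding *ALLOBJ) are hypothetical names; substitute your own.

```cl
PGM
  /* Added example. DSP01 and SECADMIN are hypothetical placeholders. */

  /* 1. Record the current setting before changing it.               */
  /*    '0' means privileged sign-on is not limited by workstation.  */
  DSPSYSVAL  SYSVAL(QLMTSECOFR) OUTPUT(*PRINT)

  /* 2. Authorize the privileged profile to the controlled           */
  /*    workstation BEFORE enforcing the limit, so administrative    */
  /*    sign-on is not lost. The authority must be granted to the    */
  /*    user specifically; *PUBLIC authority does not count.         */
  GRTOBJAUT  OBJ(QSYS/DSP01) OBJTYPE(*DEVD) USER(SECADMIN) +
               AUT(*CHANGE)

  /* Alternative to step 2: authorize QSECOFR to the device instead. */
  /* This lets every *ALLOBJ or *SERVICE user sign on at DSP01, so   */
  /* use it only for workstations meant for all privileged users.    */
  /* GRTOBJAUT  OBJ(QSYS/DSP01) OBJTYPE(*DEVD) USER(QSECOFR) +       */
  /*              AUT(*CHANGE)                                       */

  /* 3. Enforce the limit.                                           */
  CHGSYSVAL  SYSVAL(QLMTSECOFR) VALUE('1')

  /* 4. Verify the system value and review who holds authority to    */
  /*    the workstation device description.                          */
  DSPSYSVAL  SYSVAL(QLMTSECOFR) OUTPUT(*PRINT)
  DSPOBJAUT  OBJ(QSYS/DSP01) OBJTYPE(*DEVD) OUTPUT(*PRINT)
ENDPGM
```

Repeat step 2 for each workstation where privileged sign-on is intended, and review the DSPOBJAUT listing for private authorities that should not be there.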

See Also

http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/sc415302.pdf

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(1)

Plugin: AS/400

Control ID: 03a4d03219c58a01ccaf37e4b42a91c261932f86263a18f2e5016e4d008cc95d