Recommendations for managing service tools user IDs

Here are the recommendations to ensure the security of your service tools user IDs.

Creating your own version of the QSECOFR service tools user ID

Do not use the IBM-supplied service tools user ID QSECOFR. Instead, review what functional privileges are given to QSECOFR and create a duplicate user ID with a different name that has the same functional privileges. Use this new user ID to manage your other service tools user IDs. This can help eliminate the security exposure that originates because QSECOFR is the value included in every system and is commonly known.

Attention: Do not leave the QSECOFR service tools user ID and password set to the default value. This is a security exposure because this is the value included in every system and is commonly known.

Service tools security functional privilege

The Service tools security functional privilege is the privilege that allows a service tools user ID to create and manage other service tools user IDs. Because this is a powerful privilege, only your QSECOFR-equivalent service tools user ID should be given this privilege. Give careful consideration to whom you grant this functional privilege.

Parent topic: Managing service tools user IDs using DST and SST
Related concepts:
Recovering or resetting QSECOFR passwords
Related reference:
Changing passwords for service tools user IDs