Enhancements for Managing Service Tools User IDs in 7.4

Service tools user IDs are required to access System Service Tools (SST), Dedicated Service Tools (DST) and the disk management tasks within Navigator for i. These interfaces allow you to perform functions that can have a major impact on your system, such as managing disk units, managing system security and access to tools such as Display/Alter/Dump. It’s important to carefully control access to these service tools.
 
Prior to 7.4, service tools user ID password composition rules were very basic; there was a minimum length requirement and expiration interval.
 
With 7.4, you can now implement password composition rules consistent to those of IBM i user profiles. The password rules available are the same as the ones you can specify with the QPWDRULES system value. You can change the password rules within SST or DST using service tools security options.
 
In 7.4, IBM also provided command interfaces to set (CHGSSTSECA) or display (DSPSSTSECA) service tools security attributes, which includes the SST password rules. This alleviates the need to use the SST or DST menu-driven interfaces to review the settings or make changes. When using the CHGSSTSECA command, you must specify your service tools user ID and password and have the service tools “Service Tools Security” functional privilege. DSPSSTSECA has outfile support, so you also have a programmatic interface to these settings.
 
In addition to adding service tools password rules, you can now create, change, and display service tools user IDs through command interfaces. The Create SST User, Change SST User and Delete SST User commands are new with 7.4; the Display SST User command has been around since the 6.1 release. With the create and change SST user commands you can change the password, enable or disable the ID, link it to an IBM i user profile, and specify the service tools privileges for that service tools user ID. Again, you must have a service tools user ID to use these commands as well as the “Service Tools Security” privilege but having the command interface will make it easier to manage your service tools user IDs.