It depends on whether you want to take advantage of Resource Security or not, and since the only reason to move from 20 to 30 is to implement resource security, I assume this is what you want to do. If you don't want to do this, you can slam-dunk 20 to 30 by simply giving all user profiles *ALLOBJ special authority, setting the system value QSECURITY to 30, and performing an IPL.
You can go directly from 20 to 40, but I encourage you to take one step at a time. Once you are up and running on level 30, level 30 to 40 is trivial.
Your big hurdle in implementing resource security in level 30 is that you must plan and revamp all your security schemes. It's not difficult, but a lot of planning is required. Creating group profiles and authorization lists, and assigning them to the right users and objects is not a big deal, it's the planning that goes into it that makes this a major project.
During the implementation of level 30, be ready to field many frantic phone calls that will come your way. Authority violations will occur, and you need to be around to fix them quickly.
Once you have resource security implemented, you can take the next step to level 40. This move is well documented in the iSeries Security Reference Guide. The following link is for the OS/400 V5R1 guide.
================================== MORE INFORMATION ON THIS TOPIC ==================================
The Best Web Links: Tips, tutorials and more.
Search400.com's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400.com Featured Topic: Secure your iSeries
This was first published in October 2002