Manage Learn to apply best practices and optimize your operations.

Moving from security level 20 to level 30

What are the ramifications of going from security level 20 to level 30 (and possibly 40)? The business that recently hired me is at security level 20, which I have never seen -- all shops I have worked at are at level 40.

The issue with moving to security level 40 from level 20 is that you have to determine how users are going to get access to application objects. At security level 20, users, by default, are created with *ALLOBJ special authority. That means that they have access to every object on the system. When you IPL the system from 20 to 30, 40 or 50, *ALLOBJ is stripped away from all users not in the *SECOFR user class. So you will have to accommodate the loss of *ALLOBJ. This is typically a much bigger challenge than moving to security level 40, which is pretty straightforward.

Once you've figured out how to get off of level 20, I'd make the extra effort (which isn't much) and go right for security level 40. You can't guarantee security or operating system integrity unless you're at that level or higher. I've documented the steps to move to level 40 in an MCPressonline Security Patrol article entitled, .jmCnbaIOe1h.644794@.6ae55a97!sectionid= .5bfbaeb9>Why aren't all systems at security level 40 or 50?


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.