What are the ramifications of going from security level 20 to level 30 (and possibly 40)? The business that recently hired me is at security level 20, which I have never seen -- all shops I have worked at are at level 40.
The issue with moving to security level 40 from level 20 is that you have to determine how users are going to get access to application objects. At security level 20, users, by default, are created with *ALLOBJ special authority. That means that they have access to every object on the system. When you IPL the system from 20 to 30, 40 or 50, *ALLOBJ is stripped away from all users not in the *SECOFR user class. So you will have to accommodate the loss of *ALLOBJ. This is typically a much bigger challenge than moving to security level 40, which is pretty straightforward.
Once you've figured out how to get off of level 20, I'd make the extra effort (which isn't much) and go right for security level 40. You can't guarantee security or operating system integrity unless you're at that level or higher. I've documented the steps to move to level 40 in an MCPressonline Security Patrol article entitled, "Why aren't all systems at security level 40 or 50?"
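To size the loss of *ALLOBJ described in the answer above, the query below lists the profiles that currently rely on it and are not in the *SECOFR user class. It is an added example, not part of the original answer, and it assumes a release where the IBM i catalog view QSYS2.USER_INFO is available and that you run it with enough authority to see all profiles.

```sql
-- Added example: profiles that depend on *ALLOBJ and are not user class
-- *SECOFR, i.e. the ones the answer says lose *ALLOBJ when the system is
-- IPLed from level 20 to 30, 40 or 50.
-- Assumption: only the primary group (GROUP_PROFILE_NAME) is checked;
-- supplemental groups need a separate review.
WITH allobj_profiles AS (
    -- Every profile that holds *ALLOBJ directly, with its user class
    SELECT AUTHORIZATION_NAME, USER_CLASS_NAME
      FROM QSYS2.USER_INFO
     WHERE SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
)
SELECT u.AUTHORIZATION_NAME AS profile,
       u.USER_CLASS_NAME    AS user_class,
       u.STATUS             AS status,
       u.GROUP_PROFILE_NAME AS primary_group,
       CASE
           WHEN u.SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%' THEN 'DIRECT'
           ELSE 'VIA PRIMARY GROUP'
       END                  AS allobj_source,
       u.PREVIOUS_SIGNON    AS last_signon
  FROM QSYS2.USER_INFO u
  LEFT JOIN allobj_profiles g
         ON g.AUTHORIZATION_NAME = u.GROUP_PROFILE_NAME
 WHERE
       -- Holds *ALLOBJ itself and is outside the *SECOFR user class
       (u.SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
        AND u.USER_CLASS_NAME <> '*SECOFR')
    OR
       -- Holds no *ALLOBJ itself, but inherits it from a primary group
       -- profile that is also outside the *SECOFR user class
       ((u.SPECIAL_AUTHORITIES IS NULL
         OR u.SPECIAL_AUTHORITIES NOT LIKE '%*ALLOBJ%')
        AND g.AUTHORIZATION_NAME IS NOT NULL
        AND g.USER_CLASS_NAME <> '*SECOFR')
 ORDER BY allobj_source, profile;
```

Each row is a profile whose access to application objects has to be replaced with explicit object authority before the change; rows with an old `last_signon` are candidates for cleanup instead.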