QSECURITY 40

215 pts.
Tags:
AS400 iseries
Hi All, If I was on QSecurity 30 and shifted the operations to QSecurity 40, knowing that my collected audits collections (logs from QAUDLVL) are ok and passed all possible program failures. Now during operations problems occured. Boom! Can I immediately revert back to QSECURITY 30 and continue my operations? What will happen to my data, object attributes, etc. What are affected? Thank you

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    It would be much faster to read the QSECURITY help text. From the help text:  
    A change to this system value takes effect at the next IPL.  The shipped value is 40.
      What would cause a problem? I've never heard of any. Note that the systems have been shipped at level 40 for a number of years.   Tom
    125,585 pointsBadges:
    report
  • jinteik
    yeah most system that i work with is shipped with 40. do share with us what problems are you facing
    18,085 pointsBadges:
    report
  • iNewbie
    Sorry for the late response.Yes it was shipped with sec level 40. When I was hired to the office the QSECURITY level was already 30 then when migrated to new iSeries we just copied the qsecurity level 30 to avoid problems.Now we need to level up to 40 and that's why I'm asking is I toggle this system value, i can toggle back without any problem. Thank you thom for the extracting the help text. Need to religiously check this before going to the forum. :)I've collected the logs of audit level, whats the next strategic move?Thank you.
    215 pointsBadges:
    report
  • TomLiotta
    I’ve collected the logs of audit level, whats the next strategic move?   If your security auditing is active and you have both *AUTFAIL and *PGMFAIL set as values in QAUDLVL, then you should run long enough to exercise most of the programs that are used in your system. Review the audit entries in order to explain every AF entry that gets logged.   The AF entries should all be normal. For example, if someone gets a "not authorized to object" kind of authority failure, that would be 'normal'. You might expect to see those from time to time at any QSECURITY level.   The AF reason (violation) codes you need to fix are:   B -- Restriction (blocked) instruction violation C -- Object validation failure D -- Unsupported interface (domain) violation J -- Job-description and user-profile authorization failure R -- Attempt to access protected area of disk (enhanced hardware storage protection) S -- default sign-on attempt   You might use this command to list AF entries:   DSPAUDJRNE ENTTYP(AF) USRPRF(*ALL) OUTPUT(*)   The DSPAUDJRNE command is fine for quick reports like this (though it's not recommended for actual problem forensics). If AF entries are listed, they'll likely be violation code 'A', and you can look into those if you wish. But only the above codes are relevant to preparing for QSECURITY 40.   If you have 3rd-party products, you might contact the vendors to verify that there products are compatible with level 40. All of them should be, but it's worth a few calls to their support groups to ensure that they won't cluttering your audit journal reports.   If you run long enough to get through your programs and you don't find any AF entries to fix, then there isn't anything that level 40 will block.   Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following