How Do I Move From AS400 Security Level 30 To 40?

AS/400 security
I have reviewed system values for QAUDLVL and found the we have the appropriate values running. I have reviewed the journals that contain over 3 months of information and determined that we have no AF or J entries. Is this all I need to verify before I recommend that we move to level 40? I have identified some JOBD's that we need to discuss internally but is this really that easy? What am I missing? Thanks in advance for your assistance.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Changing to Security Level 40
Make sure that all your applications run successfully at security level 30 before migrating to level 40. Security level 30 gives you the opportunity to test resource security for all your applications. Use the following procedure to migrate to security level 40:

  • Activate the security auditing function, if you have not already done so. The topic “Setting up Security Auditing” on page 258 gives complete instructions for setting up the auditing function.
  • Make sure the QAUDLVL system value includes *AUTFAIL and *PGMFAIL. *PGMFAIL logs journal entries for any access attempts that violate the integrity protection at security level 40.
  • Monitor the audit journal for *AUTFAIL and *PGMFAIL entries while running all your applications at security level 30. Pay particular attention to the following reason codes in AF type entries: B Restriction (blocked) instruction violation C Object validation failure D Unsupported interface (domain) violation J Job-description and user-profile authorization failure R Attempt to access protected area of disk (enhanced hardware storage protection) S Default sign-on attemptThese codes indicate the presence of integrity exposures in your applications. At security level 40, these programs fail.
  • If you have any programs that were created before Version 1 Release 3, use the CHGPGM command with the FRCCRT parameter to create validation values for those programs. At security level 40, the system translates any program that is restored without a validation value. This can add considerable time to the restore process. See the topic “Validation of Programs Being Restored” on page 14 for more information about program validation. Note: Restore program libraries as part of your application test. Check the audit journal for validation failures.
  • Based on the entries in the audit journal, take steps to correct your applications and prevent program failures. 6. Change the QSECURITY system value to 40 and perform an IPL.

This is all found on Chapter 2 of Security Manual.

Discuss This Question:  

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: