IBM i OS security levels

Probably the most basic decision about security is found in the setting for the QSECURITY system value. Check your current security level setting by running the "Display Security Attributes" (DSPSECA) command.

IBM i currently supports three settings from the value '30' through '50'. Legacy OS versions also supported levels '10' and '20'.

Level 10 - No security at all. Anyone can signon to a terminal session and no passwords are required. Legacy setting, no longer supported.

Level 20 - Signon password security. Once logged on, all users have access to all objects on the system. As of i OS 7.5 this level is no longer available.

Level 30 - Adds object authority to the above. This level requires some object level access planning and implementation.

Level 40 - Adds integrity protection features to the above. This is now the default setting shipped from the factory. At this level, the system enforces the user domain as separate from the system domain. Program requests that cross this border using unapproved interfaces are disallowed.

Level 50 - Adds additional integrity protection features and is intended to meet the US Department of Defense "C2" security requirements. In addition to level 40 controls, certain user objects are restricted, certain messaging options are controlled, modifications to internal control blocks are restricted and changes to the way the QTEMP library is processed.