Security level 40

Nilesh, I have been told (years ago) to think of level 40 as virus protection. In addition to the level 30 object protection, level 40 isolates the 3 iSeries/400 domains (Micro code, OS, and user) from each other. Think of 3 circles that touch but don't overlap each other. Where they touch can not be crossed. That's what the SLIC is for, to support interfacing. At least that's what was explained to me. HTH. Regards. Jack

Security level 40

IMO, another very important difference in security levels 30 and 40 is that at level 40, in order to use a job description, you must also be authorized to the user profile in the JOBD. At level 30, you only must be authorized to the JOBD. In other words, at level 30, you could submit jobs to batch with a user profile that you are not otherwise authorized to by just referencing the JOBD! Chris

Security level 40

From a command line, enter WRKSYSVAL SYSVAL(QSECURITY) Choose 5=Display. That will show what security level your system is at. If you want to see descriptions of ALL security levels, including level 40, press F1=Help from that screen. Here's how the online help says for security level 40: The system requires a password to signon and users must have authority to access objects and system resources. Programs fail if they try to access objects through nterfaces that are not supported.

Security level 40

The short version: Level 40 security is the lowest level of security that enforces the IBM Doamin and State values. Briefly, this means that User domain programs (ones that you or your vendors write) can not directly access system domain objects (objects that IBM creates). They must use an approved (by IBM) interface. Some system state objects are very powerful and could (in the hands of a clever programmer) completely invalidate OS/400 security. If you're at all serious about OS/400 security, you should be at securiy level 40 (at least). The long version: See my article in the October issue of MC on QSECURTY levels. It covers the topic it greater detail. jte MC Security Editor