SECURITY_INFO view
The SECURITY_INFO view returns one row containing information about the IBM® i security configuration.
The values returned for the columns in the view are closely related to the values returned by the Display Security Attributes (DSPSECA) and Display Security Auditing (DSPSECAUD) CL commands and by the Retrieve Security Attributes (QSYRTVSA) API.
Authorization: The caller must have *AUDIT special authority to see the system values for QAUDCTL, QAUDLVL, QAUDLVL2, and QCRTOBJAUD.
- *OBJOPR and some data authority other than *EXECUTE to journal QSYS/QAUDJRN.
The following table describes the columns in the view. The system name is SEC_INFO. The schema is QSYS2.
Column Name | System Column Name | Data Type | Description |
---|---|---|---|
SECURITY_LEVEL | SECLVL | INTEGER | The security level that is currently being used by the system.
|
PENDING_SECURITY_LEVEL | PENDSECLVL | INTEGER Nullable
|
The security level that the system will use after the next IPL.
Contains the null value if the security level will not change after the next IPL. |
PASSWORD_LEVEL | PWDLVL | INTEGER | The password level that is currently being used by the system.
|
PENDING_PASSWORD_LEVEL | PENDPWDLVL | INTEGER Nullable
|
The password level that the system will use after the next IPL.
Contains the null value if the password level will not change after the next IPL. |
AUDIT_JOURNAL_EXISTS | QAUDJRN | VARCHAR(3) | Whether the security journal QAUDJRN exists.
|
PASSWORD_CHANGE_BLOCK | QPWDCHGBLK | VARCHAR(5) | The current setting for the block password change (QPWDCHGBLK) system value. |
PASSWORD_EXPIRATION_INTERVAL | QPWDEXPITV | VARCHAR(6) | The current setting for the password expiration interval (QPWDEXPITV) system value. |
PASSWORD_EXPIRATION_WARNING | QPWDEXPWRN | INTEGER | The current setting for the password expiration warning (QPWDEXPWRN) system value. |
PASSWORD_LIMIT_DIGITS | QPWDLMTAJC | INTEGER | The current setting for the limit adjacent digits in password (QPWDLMTAJC) system value. |
PASSWORD_LIMIT_CHARACTERS | QPWDLMTCHR | VARCHAR(10) | The current setting for the limit characters in password (QPWDLMTCHR) system value. |
PASSWORD_LIMIT_REPEAT | QPWDLMTREP | INTEGER | The current setting for the limit repeating characters in password (QPWDLMTREP) system value. |
PASSWORD_LIMIT_POSITIONS | QPWDPOSDIF | INTEGER | The current setting for the limit password character positions (QPWDPOSDIF) system value. |
PASSWORD_REQUIRE_DIGIT | QPWDRQDDGT | INTEGER | The current setting for the require digit in password (QPWDRQDDGT) system value. |
PASSWORD_MAXIMUM_LENGTH | QPWDMAXLEN | INTEGER | The current setting for the maximum password length (QPWDMAXLEN) system value. |
PASSWORD_MINIMUM_LENGTH | QPWDMINLEN | INTEGER | The current setting for the minimum password length (QPWDMINLEN) system value. |
PASSWORD_DUPLICATION | QPWDRQDDIF | INTEGER | The current setting for the duplicate password control (QPWDRQDDIF) system value. |
PASSWORD_RULES | QPWDRULES | VARCHAR(750) | The current setting for the password rules (QPWDRULES) system value. |
PASSWORD_VALIDATION_PROGRAM | QPWDVLDPGM | VARCHAR(20) | The current setting for the password validation program (QPWDVLDPGM) system value. |
CREATE_PUBLIC_AUTHORITY | QCRTAUT | VARCHAR(8) | The current setting for the create default public authority (QCRTAUT) system value. |
CREATE_OBJECT_AUDITING | QCRTOBJAUD | VARCHAR(7) | The current setting for the create object auditing (QCRTOBJAUD) system
value. Returns the value *NOTAVL if caller does not have *AUDIT special authority. |
MAXIMUM_SIGNON_ATTEMPTS | QMAXSIGN | VARCHAR(6) | The current setting for the maximum sign-on attempts allowed (QMAXSIGN) system value. |
MAXIMUM_SIGNON_ACTION | QMAXSGNACN | INTEGER | The current setting for the action to take for failed sign-on attempts (QMAXSGNACN) system value. |
VERIFY_OBJECT_RESTORE | QVFYOBJRST | INTEGER | The current setting for the verify object on restore (QVFYOBJRST) system value. |
ALLOW_OBJECT_RESTORE | QALWOBJRST | VARCHAR(150) | The current setting for the allow object restore (QALWOBJRST) system value. |
USE_ADOPTED_AUTHORITY | QUSEADPAUT | VARCHAR(10) | The current setting for the use adopted authority (QUSEADPAUT) system value. |
ALLOW_USER_DOMAIN | QALWUSRDMN | VARCHAR(500) | The current setting for the allow user domain objects in libraries (QALWUSRDMN) system value. |
LIMIT_SECOFR_ACCESS | QLMTSECOFR | INTEGER | The current setting for the limit security officer device access (QLMTSECOFR) system value. |
INACTIVE_JOB_TIMEOUT | QINACTITV | VARCHAR(5) | The current setting for the inactive job time-out (QINACTITV) system value. |
INACTIVE_JOB_MESSAGE_QUEUE | QINACTMSGQ | VARCHAR(20) | The current setting for the inactive job message queue (QINACTMSGQ) system value. |
DISCONNECTED_JOB_INTERVAL | QDSCJOBITV | VARCHAR(5) | The current setting for the time interval before disconnected jobs end (QDSCJOBITV) system value. |
AUTOCONFIGURE_DEVICES | QAUTOCFG | INTEGER | The current setting for the autoconfigure devices (QAUTOCFG) system value. |
AUTOCONFIGURE_REMOTE_
CONTROLLERS |
QAUTORMT | INTEGER | The current setting for the autoconfigure of remote controllers (QAUTORMT) system value. |
AUDITING_CONTROL | QAUDCTL | VARCHAR(50) | The current setting for the auditing control (QAUDCTL) system value. Returns the value *NOTAVL if caller does not have *AUDIT special authority. |
AUDITING_LEVEL | QAUDLVL | VARCHAR(160) | The current setting for the auditing level (QAUDLVL) system value. Returns the value *NOTAVL if caller does not have *AUDIT special authority. |
AUDITING_LEVEL_EXTENSION | QAUDLVL2 | VARCHAR(990) | The current setting for the auditing level extension (QAUDLVL2) system value. Returns the value *NOTAVL if caller does not have *AUDIT special authority. |
AUDIT_JOURNAL_RECEIVER_
LIBRARY |
JRNRCV_LIB | VARCHAR(10) Nullable
|
The name of the library that contains the journal receiver attached
to the security journal. Contains the null value if AUDIT_JOURNAL_EXISTS is NO or if caller is not authorized. |
AUDIT_JOURNAL_RECEIVER | JRNRCV | VARCHAR(10) Nullable
|
The name of the journal receiver attached to the security
journal. Contains the null value if AUDIT_JOURNAL_EXISTS is NO or if called is not authorized. |
OBJECT_AUTHORITY_COLLECTION_
ACTIVE |
OBJ_COLL | VARCHAR(3) | Whether authority collection for objects is active on the
partition. Authority collection for objects is started using the Start Authority Collection
(STRAUTCOL) command with TYPE(*OBJAUTCOL) and ended using the End Authority Collection (ENDAUTCOL)
command with TYPE(*OBJAUTCOL).
The authority collection value for an object is set using the Change Authority Collection (CHGAUTCOL) command with AUTCOLVAL(*OBJINF). |
ALLOW_DIGITAL_CERTIFICATE_
ADD |
DCM_ADD | VARCHAR(3) | Whether digital certificates can be added to a certificate store
using the Add Verifier (QYDOADDV, QydoAddVerifier) API, and whether the password for a certificate
store can be reset using Digital Certificate Manager (DCM).
The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute. |
ALLOW_SECURITY_SYSVAL_
CHANGE |
SYSVAL_CHG | VARCHAR(3) | Whether the security related system values can be changed.
The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute. |
ALLOW_SERVICE_TOOLS_
PASSWORD_CHANGE |
SSTPWD_CHG | VARCHAR(3) | Whether a service tools user ID with a default password that is
expired can change its own password.
The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute. |
NEXT_USER_ID | NEXT_UID | BIGINT | The value that will be used the next time a user ID number (UID) is generated for a user profile. |
NEXT_GROUP_ID | NEXT_GID | BIGINT | The value that will be used the next time a group ID number (GID) is generated for a user profile. |
Example
- Return the security and password levels for the
system.
SELECT SECURITY_LEVEL, PASSWORD_LEVEL FROM QSYS2.SECURITY_INFO;