SECURITY_INFO view

The SECURITY_INFO view returns one row containing information about the IBM® i security configuration.

The values returned for the columns in the view are closely related to the values returned by the Display Security Attributes (DSPSECA) and Display Security Auditing (DSPSECAUD) CL commands and by the Retrieve Security Attributes (QSYRTVSA) API.

Authorization: The caller must have *AUDIT special authority to see the system values for QAUDCTL, QAUDLVL, QAUDLVL2, and QCRTOBJAUD.

To see the AUDIT_JOURNAL_RECEIVER_LIBRARY and AUDIT_JOURNAL_RECEIVER values, the caller must have:
  • *OBJOPR and some data authority other than *EXECUTE to journal QSYS/QAUDJRN.

The following table describes the columns in the view. The system name is SEC_INFO. The schema is QSYS2.

Table 1. SECURITY_INFO view
Column Name System Column Name Data Type Description
SECURITY_LEVEL SECLVL INTEGER The security level that is currently being used by the system.
20
Password security only
30
Password and object security
40
Password, object, and operating system integrity
50
Password, object, and enhanced operating system integrity
PENDING_SECURITY_LEVEL PENDSECLVL INTEGER
Nullable
The security level that the system will use after the next IPL.

Contains the null value if the security level will not change after the next IPL.

PASSWORD_LEVEL PWDLVL INTEGER The password level that is currently being used by the system.
0
User profile passwords with a length of 1-10 characters are supported. There is no difference between level 0 and 1.
1
User profile passwords with a length of 1-10 characters are supported. There is no difference between level 0 and 1.
2
User profile passwords with a length of 1-128 characters are supported.
3
User profile passwords with a length of 1-128 characters are supported. User profile passwords for password levels 0 and 1 are removed from the system.
4
User profile passwords with a length of 1-128 characters are supported. User profile passwords for password levels 0, 1, 2, and 3 are removed from the system.
PENDING_PASSWORD_LEVEL PENDPWDLVL INTEGER
Nullable
The password level that the system will use after the next IPL.

Contains the null value if the password level will not change after the next IPL.

AUDIT_JOURNAL_EXISTS QAUDJRN VARCHAR(3) Whether the security journal QAUDJRN exists.
NO
The security journal QAUDJRN does not exist.
YES
The security journal QAUDJRN exists.
PASSWORD_CHANGE_BLOCK QPWDCHGBLK VARCHAR(5) The current setting for the block password change (QPWDCHGBLK) system value.
PASSWORD_EXPIRATION_INTERVAL QPWDEXPITV VARCHAR(6) The current setting for the password expiration interval (QPWDEXPITV) system value.
PASSWORD_EXPIRATION_WARNING QPWDEXPWRN INTEGER The current setting for the password expiration warning (QPWDEXPWRN) system value.
PASSWORD_LIMIT_DIGITS QPWDLMTAJC INTEGER The current setting for the limit adjacent digits in password (QPWDLMTAJC) system value.
PASSWORD_LIMIT_CHARACTERS QPWDLMTCHR VARCHAR(10) The current setting for the limit characters in password (QPWDLMTCHR) system value.
PASSWORD_LIMIT_REPEAT QPWDLMTREP INTEGER The current setting for the limit repeating characters in password (QPWDLMTREP) system value.
PASSWORD_LIMIT_POSITIONS QPWDPOSDIF INTEGER The current setting for the limit password character positions (QPWDPOSDIF) system value.
PASSWORD_REQUIRE_DIGIT QPWDRQDDGT INTEGER The current setting for the require digit in password (QPWDRQDDGT) system value.
PASSWORD_MAXIMUM_LENGTH QPWDMAXLEN INTEGER The current setting for the maximum password length (QPWDMAXLEN) system value.
PASSWORD_MINIMUM_LENGTH QPWDMINLEN INTEGER The current setting for the minimum password length (QPWDMINLEN) system value.
PASSWORD_DUPLICATION QPWDRQDDIF INTEGER The current setting for the duplicate password control (QPWDRQDDIF) system value.
PASSWORD_RULES QPWDRULES VARCHAR(750) The current setting for the password rules (QPWDRULES) system value.
PASSWORD_VALIDATION_PROGRAM QPWDVLDPGM VARCHAR(20) The current setting for the password validation program (QPWDVLDPGM) system value.
CREATE_PUBLIC_AUTHORITY QCRTAUT VARCHAR(8) The current setting for the create default public authority (QCRTAUT) system value.
CREATE_OBJECT_AUDITING QCRTOBJAUD VARCHAR(7) The current setting for the create object auditing (QCRTOBJAUD) system value.

Returns the value *NOTAVL if caller does not have *AUDIT special authority.

MAXIMUM_SIGNON_ATTEMPTS QMAXSIGN VARCHAR(6) The current setting for the maximum sign-on attempts allowed (QMAXSIGN) system value.
MAXIMUM_SIGNON_ACTION QMAXSGNACN INTEGER The current setting for the action to take for failed sign-on attempts (QMAXSGNACN) system value.
VERIFY_OBJECT_RESTORE QVFYOBJRST INTEGER The current setting for the verify object on restore (QVFYOBJRST) system value.
ALLOW_OBJECT_RESTORE QALWOBJRST VARCHAR(150) The current setting for the allow object restore (QALWOBJRST) system value.
USE_ADOPTED_AUTHORITY QUSEADPAUT VARCHAR(10) The current setting for the use adopted authority (QUSEADPAUT) system value.
ALLOW_USER_DOMAIN QALWUSRDMN VARCHAR(500) The current setting for the allow user domain objects in libraries (QALWUSRDMN) system value.
LIMIT_SECOFR_ACCESS QLMTSECOFR INTEGER The current setting for the limit security officer device access (QLMTSECOFR) system value.
INACTIVE_JOB_TIMEOUT QINACTITV VARCHAR(5) The current setting for the inactive job time-out (QINACTITV) system value.
INACTIVE_JOB_MESSAGE_QUEUE QINACTMSGQ VARCHAR(20) The current setting for the inactive job message queue (QINACTMSGQ) system value.
DISCONNECTED_JOB_INTERVAL QDSCJOBITV VARCHAR(5) The current setting for the time interval before disconnected jobs end (QDSCJOBITV) system value.
AUTOCONFIGURE_DEVICES QAUTOCFG INTEGER The current setting for the autoconfigure devices (QAUTOCFG) system value.
AUTOCONFIGURE_REMOTE_CONTROLLERS QAUTORMT INTEGER The current setting for the autoconfigure of remote controllers (QAUTORMT) system value.
AUDITING_CONTROL QAUDCTL VARCHAR(50) The current setting for the auditing control (QAUDCTL) system value.

Returns the value *NOTAVL if caller does not have *AUDIT special authority.

AUDITING_LEVEL QAUDLVL VARCHAR(160) The current setting for the auditing level (QAUDLVL) system value.

Returns the value *NOTAVL if caller does not have *AUDIT special authority.

AUDITING_LEVEL_EXTENSION QAUDLVL2 VARCHAR(990) The current setting for the auditing level extension (QAUDLVL2) system value.

Returns the value *NOTAVL if caller does not have *AUDIT special authority.

AUDIT_JOURNAL_RECEIVER_LIBRARY JRNRCV_LIB VARCHAR(10)
Nullable
The name of the library that contains the journal receiver attached to the security journal.

Contains the null value if AUDIT_JOURNAL_EXISTS is NO or if caller is not authorized.

AUDIT_JOURNAL_RECEIVER JRNRCV VARCHAR(10)
Nullable
The name of the journal receiver attached to the security journal.

Contains the null value if AUDIT_JOURNAL_EXISTS is NO or if caller is not authorized.

OBJECT_AUTHORITY_COLLECTION_ACTIVE OBJ_COLL VARCHAR(3) Whether authority collection for objects is active on the partition. Authority collection for objects is started using the Start Authority Collection (STRAUTCOL) command with TYPE(*OBJAUTCOL) and ended using the End Authority Collection (ENDAUTCOL) command with TYPE(*OBJAUTCOL).
NO
Authority collection for objects is not active on the partition.
YES
Authority collection for objects is active for objects with an authority collection value of *OBJINF.

The authority collection value for an object is set using the Change Authority Collection (CHGAUTCOL) command with AUTCOLVAL(*OBJINF).

ALLOW_DIGITAL_CERTIFICATE_ADD DCM_ADD VARCHAR(3) Whether digital certificates can be added to a certificate store using the Add Verifier (QYDOADDV, QydoAddVerifier) API, and whether the password for a certificate store can be reset using Digital Certificate Manager (DCM).
NO
Digital certificates cannot be added to a certificate store using the QYDOADDV API, and certificate store passwords cannot be reset using DCM.
YES
Digital certificates can be added to a certificate store using the QYDOADDV API, and certificate store passwords can be reset using DCM.

The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute.

ALLOW_SECURITY_SYSVAL_CHANGE SYSVAL_CHG VARCHAR(3) Whether the security related system values can be changed.
NO
The security related system values cannot be changed.
YES
The security related system values can be changed.

The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute.

ALLOW_SERVICE_TOOLS_PASSWORD_CHANGE SSTPWD_CHG VARCHAR(3) Whether a service tools user ID with a default password that is expired can change its own password.
NO
A service tools user ID with a default password that is expired cannot change its own password.
YES
A service tools user ID with a default password that is expired can change its own password.

The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute.

ALLOW_PASSWORD_EXIT_PROGRAM_ADD_REMOVE EXIT_CHG VARCHAR(3) Whether exit programs are allowed to be added to the QIBM_QSY_CHK_PASSWRD and QIBM_QSY_VLD_PASSWRD exit points with the Add Exit Program (ADDEXITPGM) command and the Add Exit Program (QUSADDEP, QusAddExitProgram) API, and removed from the exit points with the Remove Exit Program (RMVEXITPGM) command and Remove Exit Program (QUSRMVEP, QusRemoveExitProgram) API.
NO
Password exit programs cannot be added or removed.
YES
Password exit programs can be added or removed.

The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute.

NEXT_USER_ID NEXT_UID BIGINT The value that will be used the next time a user ID number (UID) is generated for a user profile.
NEXT_GROUP_ID NEXT_GID BIGINT The value that will be used the next time a group ID number (GID) is generated for a user profile.
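
The following query is an added example, not part of the original reference page. It turns the single SECURITY_INFO row into a list of findings, using only columns and values described in the table above. The thresholds (security level 40, password level 2, SST attributes set to NO) are assumptions of this example and should be replaced with your own baseline.

```sql
-- Added example: review the single row of QSYS2.SECURITY_INFO against a baseline.
-- Thresholds below are this example's assumptions, not values mandated by the view.
-- Only rows with a finding are returned; an empty result means every check passed.
SELECT C.CHECK_NAME, C.CURRENT_VALUE, C.FINDING
  FROM QSYS2.SECURITY_INFO S,
       LATERAL (VALUES
         ('SECURITY_LEVEL', CAST(S.SECURITY_LEVEL AS VARCHAR(50)),
          CASE WHEN S.SECURITY_LEVEL < 40
               THEN 'Below level 40: no operating system integrity' END),
         -- Pending values are null when nothing changes at the next IPL,
         -- so the comparison is unknown and no finding is produced.
         ('PENDING_SECURITY_LEVEL', CAST(S.PENDING_SECURITY_LEVEL AS VARCHAR(50)),
          CASE WHEN S.PENDING_SECURITY_LEVEL < S.SECURITY_LEVEL
               THEN 'Security level will drop after the next IPL' END),
         ('PASSWORD_LEVEL', CAST(S.PASSWORD_LEVEL AS VARCHAR(50)),
          CASE WHEN S.PASSWORD_LEVEL < 2
               THEN 'Passwords limited to 1-10 characters' END),
         ('PENDING_PASSWORD_LEVEL', CAST(S.PENDING_PASSWORD_LEVEL AS VARCHAR(50)),
          CASE WHEN S.PENDING_PASSWORD_LEVEL < S.PASSWORD_LEVEL
               THEN 'Password level will drop after the next IPL' END),
         ('AUDIT_JOURNAL_EXISTS', CAST(S.AUDIT_JOURNAL_EXISTS AS VARCHAR(50)),
          CASE WHEN S.AUDIT_JOURNAL_EXISTS = 'NO'
               THEN 'Security journal QAUDJRN does not exist' END),
         -- *NOTAVL means the caller lacks *AUDIT, so the review is incomplete.
         ('AUDITING_CONTROL', CAST(S.AUDITING_CONTROL AS VARCHAR(50)),
          CASE WHEN S.AUDITING_CONTROL = '*NOTAVL'
               THEN 'Caller lacks *AUDIT: auditing values are hidden' END),
         -- Journal exists but receiver is null: caller is not authorized to it.
         ('AUDIT_JOURNAL_RECEIVER', CAST(S.AUDIT_JOURNAL_RECEIVER AS VARCHAR(50)),
          CASE WHEN S.AUDIT_JOURNAL_EXISTS = 'YES'
                AND S.AUDIT_JOURNAL_RECEIVER IS NULL
               THEN 'Caller not authorized to journal QSYS/QAUDJRN' END),
         -- The attributes below are changed with CHGSSTSECA.
         ('ALLOW_SECURITY_SYSVAL_CHANGE',
          CAST(S.ALLOW_SECURITY_SYSVAL_CHANGE AS VARCHAR(50)),
          CASE WHEN S.ALLOW_SECURITY_SYSVAL_CHANGE = 'YES'
               THEN 'Security related system values can be changed' END),
         ('ALLOW_PASSWORD_EXIT_PROGRAM_ADD_REMOVE',
          CAST(S.ALLOW_PASSWORD_EXIT_PROGRAM_ADD_REMOVE AS VARCHAR(50)),
          CASE WHEN S.ALLOW_PASSWORD_EXIT_PROGRAM_ADD_REMOVE = 'YES'
               THEN 'Password exit programs can be added or removed' END)
       ) AS C (CHECK_NAME, CURRENT_VALUE, FINDING)
 WHERE C.FINDING IS NOT NULL
 ORDER BY C.CHECK_NAME;
```

Run the query under a profile that has *AUDIT special authority and the QAUDJRN authority listed at the top of this page; otherwise the AUDITING_CONTROL and AUDIT_JOURNAL_RECEIVER findings report the missing authority rather than the actual configuration.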