Retrieve System Values (QWCRSVAL) API
Required Parameter Group:
1 | Receiver variable | Output | Char(*) |
2 | Length of receiver variable | Input | Binary(4) |
3 | Number of system values to retrieve | Input | Binary(4) |
4 | System value names | Input | Array(*) of Char(10) |
5 | Error code | I/O | Char(*) |
Default Public Authority: *USE
Threadsafe: Yes
The Retrieve System Values (QWCRSVAL) API lets you retrieve system values.
Authorities and Locks
You must have either all object (*ALLOBJ) or audit (*AUDIT) special authority to retrieve the values for QAUDCTL, QAUDENDACN, QAUDFRCLVL, QAUDLVL, QAUDLVL2, and QCRTOBJAUD.
Required Parameter Group
- Receiver variable
- OUTPUT; CHAR(*)
The variable that is to receive the information requested. For the format, see Format of Data Returned.
- Length of receiver variable
- INPUT; BINARY(4)
The length of the receiver variable described in the Format of Data Returned. If the length is larger than the size of the receiver variable, the results may not be predictable. The minimum length is 28 bytes.
- Number of system values to retrieve
- INPUT; BINARY(4)
The total number of system values to retrieve.
- System value names
- INPUT; ARRAY(*) of CHAR(10)
The names of the system values to be retrieved. This can be a list of system value names where each name is 10 characters.
- Error code
- I/O; CHAR(*)
The structure in which to return error information. For the format of the structure, see Error code parameter.
Format of Data Returned
The receiver variable holds the information returned about each system value.
The receiver variable has three logical parts:
- The first field specifies the number of system values returned.
- The next fields give the offsets to the system values returned. There is one offset field for each system value returned.
- Next are the system value information tables for the system values returned. There is one system value information table for each system value.
The following table shows the format of the receiver variable. The offset fields are repeated until the offsets for all the system values returned are listed; the system value information table for each system value is repeated in the same way. For a detailed description of each field, see the Field Descriptions.
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Number of system values returned |
4 | 4 | ARRAY(*) of BINARY(4) | Offset to system value information table |
* | * | CHAR(*) | System value information table. This field is repeated for each system value returned. |
Note: Each system value in the table is represented by the standard system value information table described in System Value Information Table. |
To determine the length of the receiver variable, the following calculation should be done. For each system value to be returned, get the length of the data returned for the system value and add 24. After adding the lengths for each system value, add 4. This calculation takes into account the data alignment that needs to be done; therefore, this value is a worst-case estimate. If the calculated length is less than what is needed to return all the system value information, then the value of the Number of system values returned field will match the actual number of system values returned. The system value information for the system values that won't fit will not be returned. For example, if a request is made to return information about 1 system value, and that information will not fit, then the Number of system values returned field will be 0 and there will be no information returned in the System value information table field.
System Value Information Table
The following table shows the format of the system value information table.
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | CHAR(10) | System value |
10 | A | CHAR(1) | Type of data |
11 | B | CHAR(1) | Information status |
12 | C | BINARY(4) | Length of data |
16 | 10 | CHAR(*) | Data |
Field Descriptions
Data. The data returned for the system value.
Information status. Whether the information was available for the system value.
blank | The information was available. |
L | The information was not available because the system value was locked. |
Offset to system values information table. The offset from the beginning of the structure to the start of the system value information.
Length of data. The length of the data returned for the system value. If the information was not available, the length will be zero.
System value. The system value to be retrieved. See Valid System Values for the list of valid system values.
Number of system values returned. The number of system values returned to the application.
Type of data. The type of data returned.
C | The data is returned in character format. |
B | The data is returned in binary format. |
blank | The data is not available. |
Valid System Values
For a detailed description of each field, see System Value Field Descriptions. To find more detailed information about each system value, see the System values topic collection.
System value | Type | Description |
---|---|---|
QABNORMSW | CHAR(1) | Previous end of system indicator |
QACGLVL | ARRAY(8) of CHAR(10) | Accounting level |
QACTJOB | BINARY(4) | Active jobs |
QADLACTJ | BINARY(4) | Additional active jobs |
QADLSPLA | BINARY(4) | Additional storage |
QADLTOTJ | BINARY(4) | Additional total jobs |
QALWJOBITP | CHAR(1) | Allow jobs to be interrupted |
QALWOBJRST | ARRAY(15) of CHAR(10) | Allow object restore options |
QALWUSRDMN | ARRAY(50) of CHAR(10) | Allow user domain |
QASTLVL | CHAR(10) | Assistance level |
QATNPGM | CHAR(20) | Attention program |
QAUDCTL | ARRAY(5) of CHAR(10) | Auditing control |
QAUDENDACN | CHAR(10) | Auditing end action |
QAUDFRCLVL | BINARY(4) | Auditing force level |
QAUDLVL | ARRAY(16) of CHAR(10) | Auditing level |
QAUDLVL2 | ARRAY(99) of CHAR(10) | Auditing level extension |
QAUTOCFG | CHAR(1) | Automatic configuration indicator |
QAUTORMT | CHAR(1) | Automatic configuration for remote controllers |
QAUTOSPRPT | CHAR(1) | Automatic system disabled reporting |
QAUTOVRT | BINARY(4) | Automatic configuration for virtual devices |
QBASACTLVL | BINARY(4) | Base activity level |
QBASPOOL | BINARY(4) | Base pool minimum size |
QBASPOOL2 | BINARY(8) | Base pool minimum size (long) |
QBOOKPATH | ARRAY(5) of CHAR(63) | Book and bookshelf search path |
QCCSID | BINARY(4) | Coded character set identifier |
QCENTURY | CHAR(1) | Century indicator |
QCFGMSGQ | CHAR(20) | Configuration message queue |
QCHRID | CHAR(20) | Character set and code page |
QCHRIDCTL | CHAR(10) | Character identifier control |
QCMNARB | CHAR(10) | Communication arbiters |
QCMNRCYLMT | CHAR(20) | Communications recovery limit |
QCNTRYID | CHAR(2) | Country or region identifier |
QCONSOLE | CHAR(10) | Console name |
QCRTAUT | CHAR(10) | Create authority |
QCRTOBJAUD | CHAR(10) | Create object auditing |
QCTLSBSD | CHAR(20) | Controlling subsystem |
QCURSYM | CHAR(1) | Currency symbol |
QDATE | CHAR(7) | System date |
QDATETIME | CHAR(20) | System date and time |
QDATFMT | CHAR(3) | Date format |
QDATSEP | CHAR(1) | Date separator |
QDAY | CHAR(3) | Day |
QDAYOFWEEK | CHAR(4) | Day of the week |
QDBFSTCCOL | CHAR(10) | Database file statistics collection |
QDBRCVYWT | CHAR(1) | Database recovery wait |
QDECFMT | CHAR(1) | Decimal format |
QDEVNAMING | CHAR(10) | Device naming convention |
QDEVRCYACN | CHAR(20) | Device recovery action |
QDSCJOBITV | CHAR(10) | Disconnect job interval |
QDSPSGNINF | CHAR(1) | Sign-on information |
QDYNPTYADJ | CHAR(1) | Dynamic priority adjustment |
QDYNPTYSCD | CHAR(1) | Dynamic priority scheduler |
QENDJOBLMT | BINARY(4) | End job limit |
QFRCCVNRST | CHAR(1) | Force conversion on restore |
QHOUR | CHAR(2) | Hour |
QHSTLOGSIZ | BINARY(4) | History log size |
QIGC | CHAR(1) | DBCS installed |
QIGCCDEFNT | CHAR(20) | Double-byte coded font name |
QIGCFNTSIZ | BINARY(4) | Double-byte coded font point size |
QINACTITV | CHAR(10) | Inactive job time-out |
QINACTMSGQ | CHAR(20) | Inactive message queue |
QIPLDATTIM | CHAR(13) | Automatic IPL date and time |
QIPLSTS | CHAR(1) | IPL status |
QIPLTYPE | CHAR(1) | IPL type |
QJOBMSGQFL | CHAR(10) | Job message queue full |
QJOBMSGQMX | BINARY(4) | Job message queue maximum size |
QJOBMSGQSZ | BINARY(4) | Job message queue initial size |
QJOBMSGQTL | BINARY(4) | Maximum job message queue initial size |
QJOBSPLA | BINARY(4) | Initial spooling size |
QKBDBUF | CHAR(10) | Keyboard buffer |
QKBDTYPE | CHAR(3) | Keyboard type |
QLANGID | CHAR(3) | Language identifier |
QLEAPADJ | BINARY(4) | Leap year adjustment |
QLIBLCKLVL | CHAR(1) | Library locking level |
QLMTDEVSSN | CHAR(1) | Limit device session |
QLMTSECOFR | CHAR(1) | Limit security officer |
QLOCALE | CHAR(2080) | Locale path name |
QLOGOUTPUT | CHAR(10) | Job log output |
QMAXACTLVL | BINARY(4) | Maximum activity level |
QMAXJOB | BINARY(4) | Maximum number of jobs |
QMAXSGNACN | CHAR(1) | Maximum sign-on action |
QMAXSIGN | CHAR(6) | Maximum not valid sign-on |
QMAXSPLF | BINARY(4) | Maximum spooled files per job |
QMCHPOOL | BINARY(4) | Machine pool size |
QMCHPOOL2 | BINARY(8) | Machine pool size (long) |
QMINUTE | CHAR(2) | Minute |
QMLTTHDACN | CHAR(1) | Multithreaded job action |
QMODEL | CHAR(4) | System model |
QMONTH | CHAR(2) | Month |
QPASTHRSVR | CHAR(10) | Pass-through servers |
QPFRADJ | CHAR(1) | Performance adjustment |
QPRBFTR | CHAR(20) | Problem filter |
QPRBHLDITV | BINARY(4) | Problem hold interval |
QPRCFEAT | CHAR(4) | Processor feature |
QPRCMLTTSK | CHAR(1) | Processor multitasking |
QPRTDEV | CHAR(10) | Printer device |
QPRTKEYFMT | CHAR(10) | Print key format |
QPRTTXT | CHAR(30) | Print text |
QPWDCHGBLK | CHAR(10) | Block password change |
QPWDEXPITV | CHAR(6) | Days password valid |
QPWDEXPWRN | BINARY(4) | Password expiration warning |
QPWDLMTAJC | CHAR(1) | Limit adjacent digits |
QPWDLMTCHR | CHAR(10) | Limit characters |
QPWDLMTREP | CHAR(1) | Limit repeat characters |
QPWDLVL | BINARY(4) | Password level |
QPWDMAXLEN | BINARY(4) | Maximum password length |
QPWDMINLEN | BINARY(4) | Minimum password length |
QPWDPOSDIF | CHAR(1) | Limit character positions |
QPWDRQDDGT | CHAR(1) | Required password digits |
QPWDRQDDIF | CHAR(1) | Duplicate password |
QPWDRULES | ARRAY(50) of CHAR(15) | Password rules |
QPWDVLDPGM | CHAR(20) | Password validation program |
QPWRDWNLMT | BINARY(4) | Power down limit |
QPWRRSTIPL | CHAR(1) | Power restore IPL |
QQRYDEGREE | CHAR(10) | Parallel processing degree |
QQRYTIMLMT | CHAR(10) | Query processing time limit |
QRCLSPLSTG | CHAR(10) | Reclaim spool storage |
QRETSVRSEC | CHAR(1) | Retain server security data |
QRMTIPL | CHAR(1) | Remote IPL |
QRMTSIGN | CHAR(20) | Remote sign-on |
QRMTSRVATR | CHAR(1) | Remote service attribute |
QSAVACCPTH | CHAR(1) | Save access paths |
QSCANFS | ARRAY(20) of CHAR(10) | Scan file systems |
QSCANFSCTL | ARRAY(20) of CHAR(10) | Scan file systems control |
QSCPFCONS | CHAR(1) | IPL action with console problem |
QSECOND | CHAR(2) | Second |
QSECURITY | CHAR(2) | Security level |
QSETJOBATR | ARRAY(16) of CHAR(10) | Set job attributes from locale |
QSFWERRLOG | CHAR(10) | Software error log |
QSHRMEMCTL | CHAR(1) | Shared memory control |
QSPCENV | CHAR(10) | Special environment |
QSPLFACN | CHAR(10) | Spooled file action |
QSRLNBR | CHAR(8) | Serial number |
QSRTSEQ | CHAR(20) | Sort sequence table |
QSRVDMP | CHAR(10) | Service dump |
QSSLCSL | ARRAY(96) of CHAR(40) | Secure sockets layer cipher specification list |
QSSLCSLCTL | CHAR(10) | Secure sockets layer cipher specification list control |
QSSLPCL | ARRAY(10) of CHAR(10) | Secure sockets layer protocols |
QSTGLOWACN | CHAR(10) | Auxiliary storage lower limit action |
QSTGLOWLMT | BINARY(4) | Auxiliary storage lower limit |
QSTRPRTWTR | CHAR(1) | Start printer writer |
QSTRUPPGM | CHAR(20) | Startup program name |
QSTSMSG | CHAR(10) | Status messages |
QSVRAUTITV | BINARY(4) | Server authentication interval |
QSYSLIBL | ARRAY(15) of CHAR(10) | System library list |
QTHDRSCADJ | CHAR(1) | Thread resources adjustment |
QTHDRSCAFN | CHAR(20) | Thread resources affinity |
QTIMADJ | CHAR(30) | Time adjustment |
QTIME | CHAR(9) | System time |
QTIMSEP | CHAR(1) | Time separator |
QTIMZON | CHAR(10) | Time zone |
QTOTJOB | BINARY(4) | Total jobs |
QTSEPOOL | CHAR(10) | Time-slice end pool |
QUPSDLYTIM | CHAR(20) | UPS delay time |
QUPSMSGQ | CHAR(20) | UPS message queue |
QUSEADPAUT | CHAR(10) | Use adopted authority |
QUSRLIBL | ARRAY(25) of CHAR(10) | User library list |
QUTCOFFSET | CHAR(5) | Coordinated universal time offset |
QVFYOBJRST | CHAR(1) | Verify object on restore |
QYEAR | CHAR(2) | Year |
System Value Field Descriptions
Accounting level. QACGLVL is the accounting level. The possible values are:
*NONE | No accounting information is written to a journal. |
*JOB | Job resource use is written to a journal. |
The resources used for spooled and nonspooled print files are written to a journal. |
Active jobs. QACTJOB is the initial number of active jobs for which auxiliary storage is to be allocated during IPL.
Additional active jobs. QADLACTJ specifies the additional number of active jobs for which auxiliary storage is to be allocated. Auxiliary storage is allocated whenever the number of active jobs exceeds the number for which storage has already been allocated.
Additional storage. QADLSPLA specifies the additional storage to add to the spooling control block.
Additional total jobs. QADLTOTJ specifies the additional number of jobs for which auxiliary storage is to be allocated. Auxiliary storage is allocated whenever the number of jobs in the system exceeds the number for which storage has already been allocated.
Allow jobs to be interrupted. QALWJOBITP specifies how the system responds to user initiated requests to interrupt a job to run a user-defined exit program in that job. The Call Job Interrupt Program (QWCJBITP) API contains information about using job interrupt exit programs. The Change Job Interrupt Status (QWCCJITP) API contains information about retrieving and changing the interrupt status of a job. The interrupt status of an active job can be changed at any time but will only take effect when the value of QALWJOBITP allows jobs to be interrupted. The possible values are:
0 | The system will not allow jobs to be interrupted to run user-defined exit programs. All new jobs becoming active will default to be uninterruptible. |
1 | The system will allow jobs to be interrupted to run user-defined exit programs. All new jobs becoming active will default to be uninterruptible. |
2 | The system will allow jobs to be interrupted to run user-defined exit programs. All new jobs becoming active will default to be interruptible. |
Allow object restore options. QALWOBJRST specifies a list of security options that are used when restoring objects to the system.
*ALL | Allow all objects to be restored regardless of whether or not they have security-sensitive attributes or validation errors. |
*NONE | Does not allow objects with security-sensitve attributes to be restored. |
*ALWSYSSTT | Allow programs, service programs, and modules with the system-state and inherit-state attribute to be restored. |
*ALWPGMADP | Allow programs and service programs with the adopt attribute to be restored. |
*ALWPTF | Allow system-state and inherit-state programs, service programs, modules that adopt authority, objects that have the S_ISUID(set-user-ID) attribute enabled, and objects that have the S-ISGID(set-group-ID) attribute enabled to be restored to the system during PTF install. |
*ALWSETUID | Allow restore of files that have the S_ISUID (set-user-ID) attribute enabled. |
*ALWSETGID | Allow restore of files that have the S_ISGID (set-group-ID) attribute enabled. |
*ALWVLDERR | Allow objects with validation errors to be restored. |
Allow user domain. QALWUSRDMN is the allow user domain system value. It specifies a list of library names that can contain user domain objects.
*ALL | All libraries and integrated file system directories on the system can contain user domain objects. |
*DIR | Any SOM® object in a directory in the integrated file system can contain user domain objects. *DIR does not apply to the QSYS and QDLS file systems. *DIR is mutually exclusive with *ALL. |
Library names | A list of library names that can contain user domain objects. |
Assistance level. QASTLVL is the assistance level system value. The value specifies the level of assistance available to users of the system.
*BASIC | Operational Assistant level of system displays is available. |
*INTERMED | Intermediate level of system displays is available. |
*ADVANCED | Advanced level of system displays is available. |
Attention program. QATNPGM is the attention program system value. The first 10 characters contain the program name and the last 10 characters contain the library name. The following special values are allowed:
*ASSIST | The Operational Assistant main menu appears when the Attention key is pressed. |
*NONE | No attention program is called when the Attention key is pressed. |
Auditing control. The QAUDCTL system value is the on/off switch for object- and user-level auditing. The values allowed are:
*NOTAVL | The user is not authorized to retrieve the current auditing value. You cannot change the system value to not available (*NOTAVL). |
*NONE | No security auditing is done on the system. No security auditing is done on the system. |
*OBJAUD | Actions against objects that have an object audit value other than *NONE will be audited. An object's audit value is set through the Change Audit (CHGAUD) command or the Change Object Audit (CHGOBJAUD) command. |
*AUDLVL | The actions specified in the QAUDLVL and QAUDLVL2 system values will be logged to the security journal. Also actions specified by a user profile's action auditing values will be audited. A user profile's action auditing values are set through the AUDLVL parameter on the Change User Audit (CHGUSRAUD) command. |
*NOQTEMP | No auditing of most objects in QTEMP is done. You must specify *NOQTEMP with either *OBJAUD or *AUDLVL. You can not specify *NOQTEMP by itself. |
Auditing end action. The QAUDENDACN system value indicates the action to be taken if auditing data cannot be written to the security auditing journal. These are the allowable values for the QAUDENDACN system value:
*NOTAVL | The user is not authorized to retrieve the current auditing value. You cannot change the system value to not available (*NOTAVL). |
*NOTIFY | The action that caused the audit to be attempted will continue after notification of failure to send the journal entry to the security auditing journal is sent to the QSYSOPR and QSYSMSG message queues. |
*PWRDWNSYS | The system ends with a system reference code (SRC) if sending of the audit data to the security audit journal fails. The system will then be brought up in a restricted state on the following IPL. |
Auditing force level. The QAUDFRCLVL system value indicates to the system the number of auditing journal entries written to the security auditing journal before the auditing data is written to auxiliary storage. The following values are allowed:
0 | The system will write the journal entries to auxiliary storage only when the system determines the journal entries should be written based on internal system processing. |
1-100 | The system will write the journal entries to auxiliary storage when this number of journal entries has been written to the security auditing journal. |
-1 | The user is not authorized to retrieve the current auditing value. You cannot change the system value to -1. |
Auditing level. QAUDLVL is the security auditing level. This system value controls the level of action auditing on the system.
If the QAUDLVL system value contains the value *AUDLVL2, then the values in the QAUDLVL2 system value will also be used. If the QAUDLVL system value does not contain the value *AUDLVL2, then the values in the QAUDLVL2 will be ignored.
The values allowed are:
*AUDLVL2 | Both QAUDLVL and QAUDLVL2 system values will be
used to determine the security actions to be audited.
Notes:
|
*ATNEVT | Attention events are audited. |
*AUTFAIL | Authorization failures are audited. |
*CREATE | All object creations are audited. Objects created into library QTEMP are not audited. |
*DELETE | All deletions of external objects on the system are audited. Objects deleted from library QTEMP are not audited. |
*JOBBAS | Base actions that affect a job are audited. |
*JOBCHGUSR | Actions that change a thread's active user profile or its group profiles are audited. |
*JOBDTA | Actions that affect a job are audited.
Note: *JOBDTA is composed of two values to allow you to better customize your auditing. If you specify both of the values, you will get the same auditing as if you specified *JOBDTA. The following values make up *JOBDTA.
|
*NETBAS | Network base functions are audited. |
*NETCLU | Actions that affect a cluster resource group are audited. |
*NETCMN | Networking and communications functions are audited.
Note: *NETCMN is composed of several values to allow you to better customize your auditing. If you specify all of the values, you will get the same auditing as if you specified *NETCMN. The following values make up *NETCMN.
|
*NETFAIL | Network failures are audited. |
*NETSCK | Sockets tasks are audited. |
*NONE | No security action auditing will occur on the system. |
*NOTAVL | The user is not authorized to retrieve the current auditing value. You cannot change the system value to not available (*NOTAVL). |
*OBJMGT | Generic object tasks are audited. |
*OFCSRV | Auditing of OfficeVision® licensed program. |
*OPTICAL | All optical functions are audited. |
*PGMADP | Adopting authority from a program owner is audited. |
*PGMFAIL | Integrity violations (for example, blocked instruction, validation value failure, and domain violation) are audited. |
*PRTDTA | Printing functions are audited. |
*PTFOBJ | Changes to Program Temporary Fix (PTF) objects are audited. |
*PTFOPR | Program Temporary Fix (PTF) operations are audited. |
*SAVRST | Save and restore information is audited. |
*SECCFG | Security configuration is audited. |
*SECDIRSRV | Changes or updates when doing directory service functions are audited. |
*SECIPC | Changes to interprocess communications are audited. |
*SECNAS | Network authentication service actions are audited. |
*SECRUN | Security run time functions are audited. |
*SECSCKD | Socket descriptors are audited. |
*SECURITY | All security-related functions are audited.
Note: *SECURITY is composed of several values to allow you to better customize your auditing. If you specify all of the values, you will get the same auditing as if you specified *SECURITY. The following values make up *SECURITY.
|
*SECVFY | Use of verification functions are audited. |
*SECVLDL | Changes to validation list objects are audited. |
*SERVICE | Use of the system service tools by a user will be audited. |
*SPLFDTA | Spool file auditing. |
*SYSMGT | Use of system management functions by an audited user will be audited. |
Auditing level extension. QAUDLVL2 is the security auditing level extension. This system value is required when more than sixteen auditing values are needed. Specifying *AUDLVL2 as one of the values in the QAUDLVL system value will cause the system to also look for auditing values in the QAUDLVL2 system value.
If the QAUDLVL system value contains the value *AUDLVL2, then the values in the QAUDLVL2 system value will also be used. If the QAUDLVL system value does not contain the value *AUDLVL2, then the values in the QAUDLVL2 will be ignored.
The values allowed are:
*ATNEVT | Attention events are audited. |
*AUTFAIL | Authorization failures are audited. |
*CREATE | All object creations are audited. Objects created into library QTEMP are not audited. |
*DELETE | All deletions of external objects on the system are audited. Objects deleted from library QTEMP are not audited. |
*JOBBAS | Base actions that affect a job are audited. |
*JOBCHGUSR | Actions that change a thread's active user profile or its group profiles are audited. |
*JOBDTA | Actions that affect a job are audited.
Note: *JOBDTA is composed of two values to allow you to better customize your auditing. If you specify both of the values, you will get the same auditing as if you specified *JOBDTA. The following values make up *JOBDTA.
|
*NETBAS | Network base functions are audited. |
*NETCLU | Actions that affect a cluster resource group are audited. |
*NETCMN | Networking and communications functions are audited.
Note: *NETCMN is composed of several values to allow you to better customize your auditing. If you specify all of the values, you will get the same auditing as if you specified *NETCMN. The following values make up *NETCMN.
|
*NETFAIL | Network failures are audited. |
*NETSCK | Sockets tasks are audited. |
*NONE | No auditing values are contained in this
system value.
Notes:
|
*NOTAVL | The user is not authorized to retrieve the current auditing value. You cannot change the system value to not available (*NOTAVL). |
*OBJMGT | Generic object tasks are audited. |
*OFCSRV | Auditing of OfficeVision licensed program. |
*OPTICAL | All optical functions are audited. |
*PGMADP | Adopting authority from a program owner is audited. |
*PGMFAIL | Integrity violations (for example, blocked instruction, validation value failure, and domain violation) are audited. |
*PRTDTA | Printing functions are audited. |
*PTFOBJ | Changes to Program Temporary Fix (PTF) objects are audited. |
*PTFOPR | Program Temporary Fix (PTF) operations are audited. |
*SAVRST | Save and restore information is audited. |
*SECCFG | Security configuration is audited. |
*SECDIRSRV | Changes or updates when doing directory service functions are audited. |
*SECIPC | Changes to interprocess communications are audited. |
*SECNAS | Network authentication service actions are audited. |
*SECRUN | Security run time functions are audited. |
*SECSCKD | Socket descriptors are audited. |
*SECURITY | All security-related functions are audited.
Note: *SECURITY is composed of several values to allow you to better customize your auditing. If you specify all of the values, you will get the same auditing as if you specified *SECURITY. The following values make up *SECURITY.
|
*SECVFY | Use of verification functions are audited. |
*SECVLDL | Changes to validation list objects are audited. |
*SERVICE | Use of the system service tools by a user will be audited. |
*SPLFDTA | Spool file auditing. |
*SYSMGT | Use of system management functions by an audited user will be audited. |
Automatic configuration for remote controllers. QAUTORMT allows the configuration of remote controllers. The possible values are:
0 | Automatic configuration is off. |
1 | Automatic configuration is on. |
Automatic configuration for virtual device. QAUTOVRT is the system value for automatic configuration of virtual devices. This is the number of virtual devices that the user wants to have automatically configured. The possible values are:
0-32500 | The number of virtual devices that the user wants to have automatically configured. |
32767 | There is no maximum number of virtual devices that the user wants to have automatically configured. |
-1 | The program registered for the Virtual Device Selection (QIBM_QPA_DEVSEL) exit point is called when a virtual device description needs to be selected or automatically created by the system. If the program registered for the exit point does not exist or if it returns with an error, the system will handle the situation as if the QAUTOVRT system value is set to 0. |
Automatic configuration indicator. The QAUTOCFG system value automatically configures devices. The value specifies whether devices that are added to the system are configured automatically.
0 | Automatic configuration is off. |
1 | Automatic configuration is on. |
Automatic IPL date and time. QIPLDATTIM is the system value for the date and time to automatically do an IPL of the system. It specifies a date and time when an automatic IPL should occur. The special value *NONE indicates that no timed automatic IPL is desired. The format of the field returned is CYYMMDDHHMMSS, where C is the century, YY is the year, MM is the month, DD is the day, HH is the hour, MM is the minute, and SS is the second. A 0 for the century flag indicates years 19xx, and a 1 indicates years 20xx.
Automatic system disabled reporting. The QAUTOSPRPT system value controls the automatic problem reporting ability. The value allows the system to automatically report a problem. The possible values are:
0 | Automatic system disabled reporting is off. |
1 | Automatic system disabled reporting is on. |
Auxiliary storage lower limit. QSTGLOWLMT is the percentage (in 10 thousandths) of the system auxiliary storage pool that remains available when the critical storage lower limit is reached. For example, a value of 50000 in binary would be 5.0000.
Auxiliary storage lower limit action. QSTGLOWACN is the action taken when the auxiliary storage lower limit (QSTGLOWLMT system value) is reached. The possible actions are:
*MSG | Message CPI099C is sent to the QSYSMSG and the QSYSOPR message queues. (This message is also sent for each of the following actions.) |
*CRITMSG | Message CPI099B is sent to the user who is specified by the Critical messages to user service attribute. Service attributes can be changed by using the Change Service Attributes (CHGSRVA) command. |
*REGFAC | A job is submitted to run any exit programs that are registered for the QIBM_QWC_QSTGLOWACN exit point. |
*ENDSYS | The system is ended and left in the restricted state. |
*PWRDWNSYS | The system is powered down immediately and restarted. |
Base activity level. QBASACTLVL is the base-storage-pool activity level. This value indicates how many system and user jobs can compete at the same time for storage in the base storage pool.
Base pool minimum size. QBASPOOL is the minimum size of the base storage pool. The base pool contains all main storage not allocated by other pools. QBASPOOL is specified in kilobytes. If the base pool minimum size is larger than 2,147,483,647 kilobytes, a value of 2,147,483,647 will be returned in the BINARY(4) field. QBASPOOL2 can be specified as the system value name to retrieve a BINARY(8) field.
Base pool minimum size (long). QBASPOOL2 is the minimum size of the base storage pool. The base pool contains all main storage not allocated by other pools. QBASPOOL2 is specified in kilobytes.
Block password change. QPWDCHGBLK specifies the time period during which a password is blocked from being changed following the prior successful password change operation. This system value does not restrict password changes made by the Change User Profile (CHGUSRPRF) command. The possible values are:
*NONE | There is no restriction on how frequently a user can change a password. |
1-99 | The number of hours a user must wait after the prior successful password change operation before they can change the password again. |
Book and bookshelf search path. QBOOKPATH specifies which directories should be searched for books.
Century indicator. QCENTURY specifies the century value for the system date. The possible values are:
0 | Indicates years 19xx. |
1 | Indicates years 20xx. |
Character identifier control. QCHRIDCTL specifies the character identifier control for the job. This attribute controls the type of CCSID conversion that occurs for display files, printer files, and panel groups. The *CHRIDCTL special value must be specified on the CHRID command parameter on the create, change, or override command for display files, printer files, and panel groups before this attribute will be used. The possible values are:
*DEVD | The *DEVD special value performs the same function as on the CHRID command parameter for display files, printer files, and panel groups. |
*JOBCCSID | The *JOBCCSID special value performs the same function as on the CHRID command parameter for display files, printer files, and panel groups. |
Character set and code page. QCHRID is the default character set and code page. The QCHRID system value is retrieved as a single character value; the first 10 characters contain the character set identifier right-justified. For example, the value 101 would be retrieved as 0000000101. The last 10 characters contain the code page identifier right-justified. For example, the value 37 would be retrieved as 0000000037.
Coded character set identifier. QCCSID is the system value for coded character set identifiers.
Communication arbiters. QCMNARB specifies the number of communication arbiter jobs. The possible values are:
*CALC | The operating system calculates the number of communication arbiter jobs. |
0-99 | The number of communication arbiter jobs. |
Communications recovery limit. QCMNRCYLMT is the system value for communications recovery limits. The QCMNRCYLMT system value is retrieved as a 20-character value; the first 10 characters contain the count limit right-justified. For example, the value 7 would be retrieved as 0000000007. The last 10 characters contain the time interval right-justified. For example, the value 117 would be retrieved as 0000000117.
Configuration message queue. QCFGMSGQ is the configuration message queue system value. This message queue can be used to receive messages associated with configuration objects, such as lines and controllers. The first 10 characters contain the message queue name and the last 10 characters contain the library name.
Console name. QCONSOLE is the console name. This value specifies the name of the display device that is the console.
Controlling subsystem. QCTLSBSD is the controlling subsystem description. The controlling subsystem is the first subsystem to start after an IPL. The value of QCTLSBSD is a 20-character list of up to two 10-character values in which the first is the subsystem description name and the second is the library name.
Coordinated universal time offset. QUTCOFFSET is the system value indicating the difference in hours and minutes between Coordinated Universal Time (UTC), also known as Greenwich mean time, and the current local system time.
- +hhmm means that the current system time is hh hours and mm minutes ahead of UTC.
- -hhmm means that the current system time is hh hours and mm minutes behind UTC.
Country or region identifier. QCNTRYID is the system value for the country or region identifier. This value specifies the country or region identifier to be used as the default on the system.
Create authority. QCRTAUT is the create authority system value. This value allows the default public authority for the create (CRTxxx) commands to be set system-wide. The values allowed are:
*CHANGE | Allows you to change the contents of an object. |
*ALL | Allows you to read, change, delete, and manage the security of an object. |
*USE | Allows you to create an object, to display the contents of an object, or to refer to the contents of an attached object when a command being requested must access attached objects and their contents. |
*EXCLUDE | Allows no access to an object. |
Create object auditing. The QCRTOBJAUD system value indicates the default auditing value for new objects created into a library or directory on the system. These are the allowable values for the QCRTOBJAUD system value.
*NOTAVL | The user is not authorized to retrieve the current auditing value. You cannot change the system value to not available (*NOTAVL). |
*NONE | No auditing entries are sent for this object when it is used or changed. |
*USRPRF | Auditing entries are sent for this object when it is used or changed by a user who is currently being audited. If the user who uses or changes this object is not being audited, no auditing entries are sent. To audit a user, you must use the Change User Auditing (CHGUSRAUD) command to change the user profile to that user profile. |
*CHANGE | Auditing entries are sent for this object when it is changed. |
*ALL | Auditing entries are sent for this object when it is used or changed. |
Currency symbol. QCURSYM is the system value for the currency symbol. QCURSYM can be any character except blank, hyphen (-), ampersand (&), asterisk (*), or zero (0).
Database file statistics collection. QDBFSTCCOL is the system value that specifies the type of statistic collection requests that will be allowed to be processed in the background by the database statistics system job, QDBFSTCCOL. Statistic collections which are requested by either a user or automatically by the database manager to be processed in the foreground are not affected by this system value. The values for QDBFSTCCOL can be:
*NONE | No database file statistics collections are allowed to be processed by the database statistics system job. |
*USER | Only user requested database file statistics collections are allowed to be processed by the database statistics system job. |
*SYSTEM | Only automatically generated statistic collections requested by the database manager are allowed to be processed by the database statistics system job. |
*ALL | All user requested database statistics collections and statistic collections automatically requested by the database manager are allowed to be processed by the database statistics system job. |
Database recovery wait. QDBRCVYWT is the database recovery wait indicator. QDBRCVYWT can be:
0 | Does not wait for database recovery to complete before completing the IPL. |
1 | Waits for database recovery to complete before completing the IPL. |
Date format. QDATFMT is the system date format. This system value can be YMD, MDY, DMY, or JUL (Julian format), where Y equals year, M equals month, and D equals day.
Date separator. QDATSEP is the character separator for dates. QDATSEP can be slash (/), hyphen (-), period (.), comma (,), or blank.
Day. QDAY is the system value for the day of the month or year (if the date format is Julian). For Julian dates only, QDAY is a 3-character value (001 through 366).
Day of the week. QDAYOFWEEK specifies the day of the week. The possible values are:
*SUN | Sunday |
*MON | Monday |
*TUE | Tuesday |
*WED | Wednesday |
*THU | Thursday |
*FRI | Friday |
*SAT | Saturday |
Days password valid. QPWDEXPITV is the system value for the password expiration interval. It controls the number of days that passwords are valid by keeping track of the number of days since you changed your password or created a user profile. The possible values are:
*NOMAX | A password can be used an unlimited number of days. |
1-366 | The number of days before the password cannot be used. |
DBCS installed. QIGC is the DBCS version indicator. This value specifies if the DBCS version of the system is installed. QIGC can be:
0 | A DBCS version is not installed. |
1 | A DBCS version is installed. |
Decimal format. QDECFMT is the decimal format. QDECFMT must be one of the following characters:
blank | Uses a period for a decimal point, a comma for a 3-digit grouping character, and zero-suppress to the left of the decimal point. |
J | Uses a comma for a decimal point and a period for a 3-digit grouping character. The zero-suppression character is in the second position (rather than the first) to the left of the decimal notation. Balances with zero values to the left of the comma are written with one leading zero (0,04). The J entry also overrides any edit codes that might suppress the leading zero. |
I | Uses a comma for a decimal point, a period for a 3-digit grouping character, and zero-suppress to the left of the decimal point. |
Device naming convention. QDEVNAMING is the device naming convention. This value specifies what naming convention is used when the system automatically creates device descriptions. QDEVNAMING must be one of the following values:
*NORMAL | Naming conventions should follow System i™ standards. |
*S36 | Naming conventions should follow System/36™ standards. |
*DEVADR | Device names are derived from the device address. |
Device recovery action. QDEVRCYACN specifies what action to take when an I/O error occurs for an interactive job's work station. The values for QDEVRCYACN are:
*MSG | Signals the I/O error message to the user's application program. |
*DSCENDRQS | Disconnects the job. When signing on again, a cancel request function is performed to return control of the job back to the last request level. |
*DSCMSG | Disconnects the job. When signing on again, an error message is sent to the user's application. |
*ENDJOB | Ends the job. A job log is produced for the job. |
*ENDJOBNOLIST | Ends the job. A job log is not produced for the job. |
Disconnect job interval. QDSCJOBITV indicates the length of time, in minutes, an interactive job can be disconnected before it is ended. The values for QDSCJOBITV are:
5-1440 | The range of the disconnect interval. |
*NONE | There is no disconnect interval. |
Double-byte coded font name. QIGCCDEFNT is the system value for the double-byte coded font name. QIGCCDEFNT is a 20-character list of up to two values in which the first 10 characters contain the coded font name and the last 10 characters contain the library name. *NONE means no coded font is identified to the system.
Double-byte coded font point size. QIGCFNTSIZ is the system value for the double-byte coded font point size. The values for QIGCFNTSIZ are:
0 | There is no defined double-byte coded font point size. |
1-9999 | The double-byte coded font point size in tenths. For example, a value of 9999 in binary would be 999.9. |
Duplicate password. QPWDRQDDIF controls duplicate passwords. The possible values are:
0 | A password can be the same as any previously used password (except the immediately preceding password). |
1 | A password must be different from the previous 32 passwords. |
2 | A password must be different from the previous 24 passwords. |
3 | A password must be different from the previous 18 passwords. |
4 | A password must be different from the previous 12 passwords. |
5 | A password must be different from the previous 10 passwords. |
6 | A password must be different from the previous 8 passwords. |
7 | A password must be different from the previous 6 passwords. |
8 | A password must be different from the previous 4 passwords. |
Dynamic priority adjustment. The QDYNPTYADJ system value controls the dynamic priority adjustment. Possible values are as follows:
0 | Dynamic priority adjustment is off. |
1 | Dynamic priority adjustment is on. |
Dynamic priority scheduler. The QDYNPTYSCD system value controls the dynamic priority scheduler algorithm. The value allows the use of the dynamic priority scheduler. Possible values are as follows:
0 | Dynamic priority scheduler is off. |
1 | Dynamic priority scheduler is on. |
End job limit. The QENDJOBLMT system value is the maximum time for application clean up during immediate ending of a job. QENDJOBLMT is numeric and is specified in seconds.
Force conversion on restore. QFRCCVNRST is the system value that allows you to specify whether or not to convert the following object types during a restore: program (*PGM), service program (*SRVPGM), SQL package (*SQLPKG), and module (*MODULE). The possible values for QFRCCVNRST are as follows:
0 | Do not convert anything. |
1 | Objects with validation errors will be converted. |
2 | Objects requiring conversion to be used on the current version of the operating system, or on the current machine, and objects with validation errors will be converted. |
3 | Objects suspected of having been tampered with, objects containing validation errors, and objects requiring conversion to be used by the current version of the operating system or on the current machine will be converted. |
4 | Objects that contain sufficient creation data to be converted and do not have valid digital signatures will be converted. |
5 | Objects that contain sufficient creation data will be converted. |
6 | All objects that do not have valid digital signatures will be converted. |
7 | All objects will be converted. |
Any object that should be converted but cannot be converted will not be restored.
History log size. QHSTLOGSIZ is the maximum number of records for each version of the history log. The following values are returned:
-1 | A new version of the history log is created each time the date in the history log messages changes, or when the current version reaches the maximum size of 10,000,000 records. |
1-10,000,000 | A new version of the history log is created when the size of the current version reaches the specified value. |
Hour. QHOUR is the system value for the hour of the day. Hours are based on a 24-hour clock. Its value can range from 00 through 23.
Inactive job time-out. QINACTITV specifies the inactive job time-out interval in minutes. It specifies when the system takes action on inactive interactive jobs. QINACTITV must be one of the following values:
*NONE | The system does not check for inactive interactive jobs. |
5-300 | The number of minutes a job can be inactive before action is taken. |
Inactive message queue. QINACTMSGQ is the system value for the inactive message queue. QINACTMSGQ is a 20-character list of up to two 10-character values where the first is the message queue name and the second is the library name. The following special values are allowed.
*DSCJOB | The interactive job is disconnected, as is any secondary or group job associated with it. |
*ENDJOB | The interactive job is ended, along with any secondary job and any group job associated with it. |
Initial spooling size. QJOBSPLA specifies the initial size of the spooling control block for a job.
IPL action with console problem. QSCPFCONS is the IPL action with a console problem indicator. This value specifies whether the IPL is to continue unattended or ends when the console is not operational when performing an attended IPL. QSCPFCONS can be:
0 | End system. |
1 | Continue the IPL unattended. |
IPL status. QIPLSTS is the IPL status indicator. This value indicates what form of IPL has occurred.
0 | Operator panel IPL. |
1 | Automatic IPL after power restored. |
2 | Restart IPL. |
3 | Time-of-day IPL. |
4 | Remote IPL. |
IPL type. QIPLTYPE indicates the type of IPL to perform. This value specifies the type of IPL performed when the system is powered on manually with the key in the normal position. QIPLTYPE can be:
0 | Unattended. |
1 | Attended with dedicated service tools. |
2 | Attended with console in debug mode. |
Job log output. QLOGOUTPUT specifies how the job log will be produced when a job completes. This does not affect job logs produced when the message queue is full and the job message queue full action specifies *PRTWRAP. Messages in the job message queue are written to a spooled file, from which the job log can be printed, unless the Control Job Log Output (QMHCTLJL) API was used in the job to specify that the messages in the job log are to be written to a database file.
The job log output value can be changed at any time until the job log has been produced or removed. To change the job log output value for a job, use the Change Job (QWTCHGJB) API or the Change Job (CHGJOB) command.
The job log can be displayed at any time until the job log has been produced or removed. To display the job log, use the Display Job Log (DSPJOBLOG) command.
The job log can be removed when the job has completed and the job log has not yet been produced or removed. To remove the job log, use the Remove Pending Job Log (QWTRMVJL) API or the End Job (ENDJOB) command.
The possible values are:
*JOBEND | The job log will be produced by the job itself. If the job cannot produce its own job log, the job log will be produced by a job log server. For example, a job does not produce its own job log when the system is processing a Power Down System (PWRDWNSYS) command. |
*JOBLOGSVR | The job log will be produced by a job log server. For more information about job log servers, see the Start Job Log Server (STRLOGSVR) command. |
*PND | The job log will not be produced. The job log remains pending until removed. |
Job message queue full. QJOBMSGQFL specifies if the job message queue should be allowed to wrap.
*NOWRAP | When the job message queue is full, do not wrap. This action causes the job to end. |
*WRAP | When the job message queue is full, wrap to the beginning and start filling again. |
*PRTWRAP | When the job message queue is full, wrap the message queue and print the messages that are being overlaid because of the wrapping. |
Job message queue initial size. QJOBMSGQSZ specifies the initial size of the job message queue. QJOBMSGQSZ is numeric and is specified in kilobytes.
Job message queue maximum size. QJOBMSGQMX specifies the maximum size of the job message queue. QJOBMSGQMX is numeric and is specified in megabytes.
Keyboard buffer. QKBDBUF specifies whether the type-ahead feature and Attention key buffering option should be used.
*TYPEAHEAD | The type-ahead feature is turned on, and the Attention key buffering option is turned off. |
*NO | The type-ahead feature and the Attention key buffering option are turned off. |
*YES | The type-ahead feature and the Attention key buffering option are turned on. |
Keyboard type. QKBDTYPE specifies the language character set for the keyboard.
Language identifier. QLANGID is the system value for the language identifier. This system value specifies the language identifier to be used as the default for the system.
Leap year adjustment. QLEAPADJ is the system value for leap year adjustment. It is used to adjust the system calendar algorithm for the leap year in different calendar systems.
Library locking level. The QLIBLCKLVL system value controls whether libraries in a job's library search list are locked by that job. The *SHRRD locks prevent other jobs from deleting or renaming the libraries. System jobs, subsystem monitor jobs, and secondary threads do not lock libraries in their library search list. A change to this system value takes effect for all jobs that become active after the change. The shipped value is 1. The possible values are as follows:
0 | Libraries in a user job's library search list are not locked. |
1 | Libraries in a user job's library search list are locked by that job. |
Limit adjacent digits. QPWDLMTAJC limits adjacent digits in a password. It specifies whether adjacent digits are allowed in passwords. The possible values are:
0 | Adjacent digits are allowed in passwords. |
1 | Adjacent digits are not allowed in passwords. |
Note: This system value is ignored if the QPWDRULES system value specifies any value other than *PWDSYSVAL.
Limit character positions. QPWDPOSDIF controls the position of characters in a new password. This prevents the user from specifying the same character in a password corresponding to the same position in the previous password.
A change to this system value takes effect the next time a password is changed. The shipped value is 0.
0 | The same characters can be used in a position corresponding to the same position in the previous password. |
1 | The same character cannot be used in a position corresponding to the same position in the previous password. |
Note: This system value is ignored if the QPWDRULES system value specifies any value other than *PWDSYSVAL.
Limit characters. QPWDLMTCHR limits the use of certain characters in a password. The possible values are:
*NONE | There are no restricted characters. |
restricted-characters | Up to 10 restricted characters can be specified. Valid characters are A through Z, 0 through 9, and special characters such as number sign (#), dollar ($), underscore (--), or at sign (@). |
Note: This system value is ignored if the system is operating at QPWDLVL (password level) 2 or 3.
Note: This system value is ignored if the QPWDRULES system value specifies any value other than *PWDSYSVAL.
Limit device session. QLMTDEVSSN is the system value for limiting device sessions. It controls the number of device sessions a user can sign-on.
0 | A user is not limited to a specific number of device sessions. |
1-9 | Indicates maximum number of concurrent device sessions. |
Limit repeat characters. QPWDLMTREP limits the use of repeating characters in a password. The possible values are:
0 | Characters can be used more than once. |
1 | Characters cannot be used more than once. |
2 | Characters can be used more than once but cannot be repeated consecutively. |
Note: This system value is ignored if the QPWDRULES system value specifies any value other than *PWDSYSVAL.
Limit security officer. QLMTSECOFR is the system value for limiting QSECOFR device access. It controls whether users with *ALLOBJ or *SERVICE special authority need explicit authority to specific work stations. The possible values are:
0 | A user with *ALLOBJ or *SERVICE special authority can sign-on any device. |
1 | A user with *ALLOBJ or *SERVICE special authority can sign-on only at a device to which they have explicit authority. |
Locale path name. The QLOCALE system value specifies the locale object that is to be used. The possible values include a valid path name or one of the following special values:
*NONE | No locale object is specified. |
*C | A predefined locale object is to be used. |
*POSIX | A predefined locale object is to be used. |
The locale name is returned in UCS-2 in the following format:
BINARY(4) | CCSID of the returned locale path name |
CHAR(2) | Country or region ID |
CHAR(3) | Language ID |
CHAR(3) | Reserved field |
BINARY(4) | Flag byte |
BINARY(4) | Number of bytes in the locale path name |
CHAR(2) | Locale delimiter |
CHAR(10) | Reserved field |
CHAR(2048) | Locale path name |
Note: If the locale name is either the special value *C or *POSIX, a length of 1 is returned. If *NONE is specified, a length of 0 is returned. These values are returned in the default CCSID of the job.
Machine pool size. QMCHPOOL is the size of the machine storage pool. The machine storage pool contains shared machine and IBM® i licensed programs. QMCHPOOL is specified in kilobytes. If the machine pool size is larger than 2,147,483,647 kilobytes, a value of 2,147,483,647 will be returned in the BINARY(4) field. QMCHPOOL2 can be specified as the system value name to retrieve a BINARY(8) field.
Machine pool size (long). QMCHPOOL2 is the size of the machine storage pool. The machine storage pool contains shared machine and IBM ® i licensed programs. QMCHPOOL2 is specified in kilobytes.
Maximum activity level. QMAXACTLVL is the maximum activity level of the system. This is the number of jobs that can compete at the same time for main storage and processor resources.
Maximum number of jobs. QMAXJOB specifies the maximum number of jobs allowed on the system.
Maximum password length. QPWDMAXLEN specifies the maximum length of a password. It controls the maximum number of characters in a password. The possible values are:
1-128 | The maximum number of characters that can be specified for a password. If the system is operating at QPWDLVL (password level) 0 or 1, the valid range is 1-10. If the system is operating at QPWDLVL 2 or 3, the valid range is 1-128. |
Note: This system value is ignored if the QPWDRULES system value specifies any value other than *PWDSYSVAL.
Maximum job message queue initial size. QJOBMSGQTL is the maximum initial size of the job message queue. QJOBMSGQTL is numeric and is specified in kilobytes.
Maximum not valid sign-on. QMAXSIGN specifies the maximum number of incorrect sign-on attempts allowed. The possible values are:
1-25 | The maximum number of sign-on attempts allowed. |
*NOMAX | There is no maximum number of sign-on attempts. |
Maximum sign-on action. QMAXSGNACN specifies the maximum sign-on attempts action or how the system reacts when the maximum number of consecutive incorrect sign-on attempts (the system value QMAXSIGN) is reached. The possible values are:
1 | Varies off the device if limit is reached. |
2 | Disables the user profile if limit is reached. |
3 | Varies off the device and disables the user profile if the limit is reached. |
Maximum spooled files per job. QMAXSPLF specifies the maximum number of spooled files that can be created per job. A job can have more than the maximum number of spooled files specified by this system value if the spooled files existed before the system value was set to a lower number.
Minimum password length. QPWDMINLEN specifies the minimum length of a password. It controls the minimum number of characters in a password. The possible values are:
1-128 | The minimum number of characters that can be specified for a password. If the system is operating at QPWDLVL (password level) 0 or 1, the valid range is 1-10. If the system is operating at QPWDLVL 2 or 3, the valid range is 1-128. |
Note: This system value is ignored if the QPWDRULES system value specifies any value other than *PWDSYSVAL.
Minute. QMINUTE is the system value for the minute of the hour. Its value can range from 00 through 59.
Month. QMONTH is the system value for the month of the year. It will be blank if the date format specified in system value QDATFMT is Julian (JUL). Its value can range from 1 through 12.
Multithreaded job action. QMLTTHDACN is the system value for multithreaded job action. This value controls the action to be taken when a function that may not be threadsafe is called in a multithreaded job. The possible values are:
1 | Perform the function that is not threadsafe without sending a message. |
2 | Perform the function that is not threadsafe and send an informational message. |
3 | Do not perform the function that is not threadsafe. |
Parallel processing degree. QQRYDEGREE specifies the parallel processing option, which will also determine the types of parallel processing allowed. There are two types of parallel processing: input/output (I/O) parallel processing and symmetric multiprocessing (SMP). With I/O parallel processing, the database manager can use multiple tasks for each query to do the I/O processing. The central processing unit (CPU) processing will still be done serially. With SMP the CPU and I/O processing is assigned to tasks that run the query in parallel. Actual CPU parallelism requires a system with multiple processors. SMP parallelism can only be used if the system feature DB2® Symmetric Multiprocessing for IBM® i is installed.
*NONE | No parallel processing is allowed for database query processing. |
*IO | Any number of tasks may be used when the database query optimizer chooses to use I/O parallel processing for queries. SMP parallel processing is not allowed. |
*OPTIMIZE | The query optimizer can choose to use any number
of tasks for either I/O or SMP parallel processing to process the query. Use of
parallel processing and the number of tasks used is determined with respect to
the following:
|
*MAX | The query optimizer can choose to use either I/O or SMP parallel processing to process the query. The choices made by the query optimizer will be similar to those made for the value *OPTIMIZE except the optimizer will assume that all active memory in the pool can be used to process the query. |
Pass-through servers. QPASTHRSVR specifies the number of target display station pass-through server jobs that are available to process the System i display station pass-through, IBM i Access workstation function (WSF), and other 5250 emulation programs on programmable workstations. The possible values are:
*CALC | The operating system calculates the number of server jobs. |
0-100 | The number of server jobs. |
Password expiration warning. QPWDEXPWRN controls the number of days prior to a password expiring to begin displaying password expiration warning messages on the Sign-on Information display. The possible values are:
1-99 | The number of days prior to the password expiring to begin displaying the password expiration warning message. |
Password level. QPWDLVL specifies the level of password support on the system. The possible values are:
0 | User profile passwords with a length of 1-10 characters are supported. |
1 | User profile passwords with a length of 1-10 characters are supported. i5/OS NetServer™ passwords for Windows® 95/98/ME clients will be removed from the system. |
2 | User profile passwords with a length of 1-128 characters are supported. |
3 | User profile passwords with a length of 1-128 characters are supported. i5/OS NetServer passwords for Windows 95/98/ME clients will be removed from the system. |
Note: If this system value has been changed since the last IPL, this value is not the password level the system is currently using. This value will be in effect after the next IPL.
Password rules. QPWDRULES specifies the rules used to check whether a password is formed correctly. The possible values are:
*PWDSYSVAL | This system value is ignored and the other password system values are used to check whether a password is formed correctly. Specifically, the QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN, QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT system values will be used instead of QPWDRULES. |
*ALLCRTCHG | Enforce all password composition rules defined in the QPWDRULES system value when creating or changing a password with the Create User Profile (CRTUSRPRF) and Change User Profile (CHGUSRPRF) command. Validation programs registered for the QIBM_QSY_VLD_PASSWRD exit point, format VLDP0200, will be called to validate the password after the password composition rules have been checked. |
*CHRLMTAJC | The password may not contain 2 or more occurrences of the same character that are positioned adjacent (consecutive) to each other. |
*CHRLMTREP | The password may not contain 2 or more occurrences of the same character. |
*DGTLMTAJC | The password may not contain 2 or more adjacent (consecutive) digit characters. |
*DGTLMTFST | The first character of the password may not be a digit character. |
*DGTLMTLST | The last character of the password may not be a digit character. |
*DGTMAXn | Where n is a number from 0 to 9. Specifies the maximum number of digit characters that may occur in the password. |
*DGTMINn | Where n is a number from 0 to 9. Specifies the minimum number of digit characters that must occur in the password. |
*LMTSAMPOS | The same character cannot be used in a position corresponding to the same position in the previous password. |
*LMTPRFNAME | The uppercase password value may not contain the complete user profile name in consecutive positions. |
*LTRLMTAJC | The password may not contain 2 or more adjacent (consecutive) letter characters. |
*LTRLMTFST | The first character of the password may not be a letter character. |
*LTRLMTLST | The last character of the password may not be a letter character. |
*LTRMAXn | Where n is a number from 0 to 9. Specifies the maximum number of letter characters that may occur in the password. |
*LTRMINn | Where n is a number from 0 to 9. Specifies the minimum number of letter characters that must occur in the password. |
*MAXLENnnn | Where nnn is a number from 1 to 128. The maximum number of characters in a password. If the system is operating at QPWDLVL 0 or 1, the valid range is 1-10. If the system is operating at QPWDLVL 2 or 3, the valid range is 1-128. |
*MINLENnnn | Where nnn is a number from 1 to 128. The minimum number of characters in a password. If the system is operating at QPWDLVL 0 or 1, the valid range is 1-10. If the system is operating a QPWDLVL 2 or 3, the valid range is 1-128. |
*MIXCASEn | Where n is a number from 0 to 9. The password must contain at least n uppercase and n lowercase letters. |
*REQANY3 | The password must contain characters from at
least three of the following four types of characters.
|
*SPCCHRLMTAJC | The password may not contain 2 or more adjacent (consecutive) special characters. |
*SPCCHRLMTFST | The first character of the password may not be a special character. |
*SPCCHRLMTLST | The last character of the password may not be a special character. |
*SPCCHRMAXn | Where n is a number from 0 to 9. Specifies the maximum number of special characters that may occur in the password. |
*SPCCHRMINn | Where n is a number from 0 to 9. Specifies the minimum number of special characters that must occur in the password. |
Password validation program. QPWDVLDPGM provides the ability for a user-written program to do additional validation on passwords. The possible values are:
*NONE | A validation program is not used. |
*REGFAC | The password validation program name will be retrieved from the registration facility. |
program-specification | The first 10 characters contain the name of the validation program and the last 10 characters contain the library name where the validation program is located. This option can only be used if the system is operating at QPWDLVL (password level) 0 or 1. |
Password validation program. QPWDVLDPGM provides the ability for a user-written program to do additional validation on passwords. The first 10 characters contain the name of the program and the last 10 characters contain the library name. *NONE means a validation program is not used.
Performance adjustment. QPFRADJ indicates whether the system should adjust values during IPL and dynamically for system pool sizes and activity levels.
0 | No performance adjustment. |
1 | Performance adjustment at IPL. |
2 | Performance adjustment at IPL and dynamically. |
3 | Dynamic performance adjustment. |
Position characters. QPWDPOSDIF controls the position of characters in a new password. This prevents the user from specifying the same character in a password corresponding to the same position in the previous password. The possible values are:
0 | The same characters can be used in a position corresponding to the same position in the previous password. |
1 | The same characters cannot be used in a position corresponding to the same position in the previous password. |
Power down limit. QPWRDWNLMT is the maximum amount of time an immediate power down can take before processing is ended (abnormal end).
Power restore IPL. QPWRRSTIPL specifies whether the system should automatically do an IPL when utility power is restored after a power failure. The possible values are:
0 | Automatic IPL is not allowed. |
1 | Automatic IPL is allowed. |
Previous end of system indicator. QABNORMSW is the previous end of system indicator. The possible values are:
0 | Previous end of system was normal. |
1 | Previous end of system was abnormal. |
Print key format. QPRTKEYFMT specifies whether border and header information is provided when the Print key is pressed. The possible values are:
*NONE | The border and header information is not included with output from the Print key. |
*PRTBDR | The border information is included with output from the Print key. |
*PRTHDR | The header information is included with output from the Print key. |
*PRTALL | The border and header information is included with output from the Print key. |
Print text. QPRTTXT is the print text. This system value is used to print up to 30 characters of text on the bottom of listings and separator pages.
Printer device. QPRTDEV is the default printer device description. This value specifies the default printer for the system.
Problem filter. QPRBFTR specifies the name of the filter object that the service activity manager uses when processing problems. QPRBFTR is a 20-character list of up to two 10-character values in which the first value is the problem filter name and the second is the library name. *NONE means no problem filter is in use.
Problem hold interval. QPRBHLDITV allows you to specify the minimum number of days a problem is kept in the problem log. After this time interval, the problem can be deleted using the Delete Problem (DLTPRB) command. The time interval starts as soon as it is put into the log.
Processor feature. QPRCFEAT is the processor feature. It is the processor feature-code level of the system.
Processor multitasking. The QPRCMLTTSK system value controls processor multitasking. Possible values are as follows:
0 | Processor multitasking is off. |
1 | Processor multitasking is on. |
2 | Processor multitasking is set to System-controlled. |
Query processing time limit. QQRYTIMLMT specifies a limit that is compared to the estimated number of elapsed seconds that a query requires to run in order to determine if a database query is allowed to start.
*NOMAX | There is no maximum number of estimated elapsed seconds. |
0-2147352578 | The number of seconds that is compared to the estimated number of elapsed seconds required to run a query. If the estimated elapsed seconds is greater than this value, the query is not started. |
Reclaim spool storage. QRCLSPLSTG is reclaim spool storage system value. It allows for the automatic removal of empty spool database members. The values allowed are:
*NOMAX | The maximum retention interval. |
*NONE | No retention interval. |
1-366 | Number of days empty spool database members are kept for new spooled file use. |
Remote service attribute. The QRMTSRVATR system value controls the remote service problem analysis ability. The value allows the system to be analyzed from a remote system. The values for QRMTSRVATR are as follows:
0 | Remote service attribute is off. |
1 | Remote service attribute is on. |
Remote IPL. QRMTIPL is the remote power on and IPL indicator. This value specifies if remote power on and IPL can be started over a telephone line. The possible values are:
0 | Remote power on and IPL are not allowed. |
1 | Remote power on and IPL are allowed. |
Remote sign-on. QRMTSIGN specifies how the system handles remote sign-on requests. The user can specify a program and library to decide which remote sessions will be allowed and which user profiles can be automatically signed on from which locations. The first 10 characters contain the program name, and the last 10 characters contain the library name. QRMTSIGN can have the following values:
*FRCSIGNON | All remote sign-on sessions are required to go through normal sign-on processing. |
*SAMEPRF | When the source and target user profile names are the same, the sign-on may be bypassed for remote sign-on attempts. |
*VERIFY | After verifying that the user has access to the system, the system allows the user to bypass the sign-on. |
*REJECT | No remote sign-on is allowed. |
Required password digits. QPWDRQDDGT specifies whether a digit is required in a new password. The possible values are:
0 | A numeric digit is not required in new passwords. |
1 | A numeric digit is required in new passwords. |
Note: This system value is ignored if the QPWDRULES system value specifies any value other than *PWDSYSVAL.
Retain server security data. QRETSVRSEC specifies whether security-related information for IBM-provided client/server applications is retained. The possible values are:
0 | Do not retain the security-related information. |
1 | Retain the security-related information. |
Save access paths. The QSAVACCPTH system value specifies whether to save logical file access paths that are dependent on the physical files that are being saved. The possible values are:
0 | Do not save access paths. |
1 | Save access paths. |
Scan file systems. The QSCANFS system value specifies the integrated file systems in which objects will be scanned when exit programs are registered with any of the integrated file system scan-related exit points. For more information about the integrated file system scan-related exit points, see the Integrated file system topic collection. The values allowed are:
*NONE | No integrated file system objects will be scanned. |
*ROOTOPNUD | Objects of type *STMF that are in *TYPE2 directories in the Root(/), QOpensys, and User-defined file systems will be scanned. |
Scan file systems control. The QSCANFSCTL system value controls the integrated file system scanning on the system when exit programs are registered with any of the integrated file system scan-related exit points. These controls apply to integrated file system objects in file systems covered by the QSCANFS (Scan file systems) system value. For more information about the integrated file system scan-related exit points, see the Integrated file system information in the Files and file systems topic. The values allowed are:
*NONE | No controls are being specified for the integrated file system scan-related exit points. |
*ERRFAIL | If there are errors when calling the exit program (for example, program not found, or the exit program signals an error), the system will fail the request which triggered the exit program call. If this is not specified, the system will skip the exit program and treat it as if the object was not scanned. |
*FSVRONLY | Only accesses through the file servers will be scanned. For example, accesses through Network File System will be scanned as well as other file server methods. If this is not specified, all accesses will be scanned. |
*NOFAILCLO | The system will not fail the close requests with an indication of scan failure, even if the object failed a scan which was done as part of the close processing. Also, this value will override the *ERRFAIL specification for the close processing, but not for any other scan-related exit points. |
*NOPOSTRST | After objects are restored, they will not be scanned just
because they were restored. If the object attribute is that "the object will not be
scanned", the object will not be scanned at any time. If the object attribute is that
"the object will be scanned only if it has been modified since the last time it was
scanned", the object will only be scanned if it is modified after being restored.
If *NOPOSTRST is not specified, objects will be scanned at least once after being restored. If the object attribute is that "the object will not be scanned", the object will be scanned once after being restored. If the object attribute is that "the object will be scanned only if it has been modified since the last time it was scanned", the object will be scanned after being restored because the restore will be treated as a modification to the object. In general, it may be dangerous to restore objects without scanning them at least once. It is best to use this option only when you know that the objects were scanned before they were saved or they came from a trusted source. |
*NOWRTUPG | The system will not attempt to upgrade the access for the scan descriptor passed to the exit program to include write access. If this is not specified, the system will attempt to do the write access upgrade. |
*USEOCOATR | The system will use the specification of the "object change only" attribute to only scan the object if it has been modified (not also because scan software has indicated an update). If this is not specified, this "object change only" attribute will not be used, and the object will be scanned after it is modified and when scan software indicates an update. |
Second. QSECOND is the system value for the second of the minute. Its value can range from 00 through 59.
Secure sockets layer (SSL) cipher specification list. QSSLCSL specifies the list of cipher suites that are supported by System SSL. The values allowed are:
*RSA_AES_128_GCM_SHA256 | Use the RSA encoding algorithms for the Advanced Encryption Standard (AES) cipher with Galois/Counter Mode (GCM) and 128 bit keys. Use Secure Hash Algorithm 256 (SHA256) for generating the message authentication code (MAC). |
*RSA_AES_256_GCM_SHA384 | Use the RSA encoding algorithms for the Advanced Encryption Standard (AES) cipher with Galois/Counter Mode (GCM) and 256 bit keys. Use Secure Hash Algorithm 384 (SHA384) for generating the message authentication code (MAC). |
*ECDHE_ECDSA_NULL_SHA |
Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm
with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm
but do not use any cipher. Use Secure Hash Algorithm (SHA) for generating the
message authentication code (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*ECDHE_ECDSA_RC4_128_SHA |
Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm
with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm for the Rivest Cipher 4 (RC4) cipher and 128 bit keys.
Use Secure Hash Algorithm (SHA) for generating the message authentication code (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*ECDHE_ECDSA_3DES_EDE_CBC_SHA |
Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with
the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm for the
Triple Data Encryption Standard (3DES) cipher with the encrypt/decrypt/encrypt (EDE)
and cipher block chaining (CBC) modes and 168 bit keys.
Use Secure Hash Algorithm (SHA) for generating the message authentication code (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*ECDHE_RSA_NULL_SHA |
Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with
the RSA encoding algorithms but do not use any cipher. Use Secure Hash Algorithm (SHA)
for generating the message authentication code (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*ECDHE_RSA_RC4_128_SHA |
Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with
the RSA encoding algorithms for the Rivest Cipher 4 (RC4) cipher and 128 bit keys.
Use Secure Hash Algorithm (SHA) for generating the message authentication code (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*ECDHE_RSA_3DES_EDE_CBC_SHA |
Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with
the RSA encoding algorithms for the 3DES cipher with the encrypt/decrypt/encrypt (EDE)
and cipher block changing (CBC) modes and 168 bit keys.
Use Secure Hash Algorithm (SHA) for generating the message authentication code (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*ECDHE_ECDSA_AES_128_CBC_SHA256 | Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm for the Advanced Encryption Standard (AES) cipher with cipher block chaining (CBC) and 128 bit keys. Use Secure Hash Algorithm 256 (SHA256) for generating the message authentication code (MAC). |
*ECDHE_ECDSA_AES_256_CBC_SHA384 | Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm for the Advanced Encryption Standard (AES) cipher with cipher block chaining and 256 bit keys. Use Secure Hash Algorithm 384 (SHA384) for generating the message authentication code (MAC). |
*ECDHE_RSA_AES_128_CBC_SHA256 | Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the RSA encoding algorithms for the Advanced Encryption Standard (AES) cipher with cipher block chaining and 128 bit keys. Use Secure Hash Algorithm 256 (SHA256) for generating the message authentication code (MAC). |
*ECDHE_RSA_AES_256_CBC_SHA384 | Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the RSA encoding algorithms for the Advanced Encryption Standard (AES) cipher with cipher block chaining and 256 bit keys. Use Secure Hash Algorithm 384 (SHA384) for generating the message authentication code (MAC). |
*ECDHE_ECDSA_AES_128_GCM_SHA256 | Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm for the Advanced Encryption Standard (AES) cipher with Galois/Counter Mode (GCM) and 128 bit keys. Use Secure Hash Algorithm 256 (SHA256) for generating the message authentication code (MAC). |
*ECDHE_ECDSA_AES_256_GCM_SHA384 | Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm for the Advanced Encryption Standard (AES) cipher with Galois/Counter Mode (GCM) and 256 bit keys. Use Secure Hash Algorithm 384 (SHA384) for generating the message authentication code (MAC). |
*ECDHE_RSA_AES_128_GCM_SHA256 | Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the RSA encoding algorithms for the Advanced Encryption Standard (AES) cipher with Galois/Counter Mode (GCM) and 128 bit keys. Use Secure Hash Algorithm 256 (SHA256) for generating the message authentication code (MAC). |
*ECDHE_RSA_AES_256_GCM_SHA384 | Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the RSA encoding algorithms for the Advanced Encryption Standard (AES) cipher with Galois/Counter Mode (GCM) and 256 bit keys. Use Secure Hash Algorithm 384 (SHA384) for generating the message authentication code (MAC). |
*RSA_AES_128_CBC_SHA256 | Use the RSA encoding algorithms for the Advanced Encryption Standard (AES) cipher with cipher block changing (CBC) and 128 bit keys. Use Secure Hash Algorithm 256 (SHA256) for generating message authentication codes (MAC). |
*RSA_AES_128_CBC_SHA |
Use the RSA encoding algorithms for the
Advanced Encryption Standard (AES) cipher with cipher block changing (CBC)
and 128 bit keys. Use Secure Hash Algorithm (SHA) for generating message
authentication codes (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*RSA_RC4_128_SHA |
Use the RSA encoding algorithms for the Rivest
Cipher 4 (RC4) cipher and 128 bit keys. Use Secure Hash Algorithm (SHA) for
generating message authentication codes (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*RSA_RC4_128_MD5 | Use the RSA encoding algorithms for the Rivest Cipher 4 (RC4) cipher and 128 bit keys. Use message digest algorithm 5 (MD5) for generating message authentication codes (MAC). |
*RSA_AES_256_CBC_SHA256 | Use the RSA encoding algorithms for the Advanced Encryption Standard (AES) cipher with cipher block changing (CBC) and 256 bit keys. Use Secure Hash Algorithm 256 (SHA256) for generating message authentication codes (MAC). |
*RSA_AES_256_CBC_SHA |
Use the RSA encoding algorithms for the
Advanced Encryption Standard (AES) cipher with cipher block changing (CBC)
and 256 bit keys. Use Secure Hash Algorithm (SHA) for generating message
authentication codes (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*RSA_3DES_EDE_CBC_SHA |
Use the RSA encoding algorithms for the Triple
Data Encryption Standard (3DES) cipher with the encrypt/decrypt/encrypt (EDE)
and cipher block changing (CBC) modes and 168 bit keys. Use Secure Hash
Algorithm (SHA) for generating message authentication codes (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*RSA_DES_CBC_SHA | Use the RSA encoding algorithms for the Data Encryption Standard (DES) cipher with the cipher block changing (CBC) mode and 56 bit keys. Use Secure Hash Algorithm (SHA) for generating message authentication codes (MAC). |
*RSA_EXPORT_RC2_CBC_40_MD5 | Use the RSA encoding algorithms for the Rivest Cipher 2 (RC2) cipher with the cipher block changing (CBC) mode and 40 bit keys. Use message digest algorithm 5 (MD5) for generating message authentication codes (MAC). |
*RSA_EXPORT_RC4_40_MD5 | Use the RSA encoding algorithms for the Rivest Cipher 4 (RC4) cipher and 40 bit keys. Use message digest algorithm 5 (MD5) for generating message authentication codes (MAC). |
*RSA_NULL_SHA256 | Use the RSA encoding algorithms but do not use any cipher. Use Secure Hash Algorithm 256 (SHA256) for generating message authentication codes (MAC). |
*RSA_NULL_SHA |
Use the RSA encoding algorithms but do not use
any cipher. Use Secure Hash Algorithm (SHA) for generating message
authentication codes (MAC).
Note: If negotiated for TLSv1.2, SHA256 will be used instead of SHA-1. |
*RSA_NULL_MD5 | Use the RSA encoding algorithms but do not use any cipher. Use message digest algorithm 5 (MD5) for generating message authentication codes (MAC). |
*RSA_RC2_CBC_128_MD5 | Use the RSA encoding algorithms for the Rivest Cipher 2 (RC2) cipher with the cipher block changing (CBC) mode and 128 bit keys. Use message digest algorithm 5 (MD5) for generating message authentication codes (MAC). |
*RSA_3DES_EDE_CBC_MD5 | Use the RSA encoding algorithms for the Triple Data Encryption Standard (3DES) cipher with the encrypt/decrypt/encrypt (EDE) and cipher block changing (CBC) modes and 168 bit keys. Use message digest algorithm 5 (MD5) for generating message authentication codes (MAC). |
*RSA_DES_CBC_MD5 | Use the RSA encoding algorithms for the Data Encryption Standard (DES) cipher with the cipher block changing (CBC) mode and 56 bit keys. Use message digest algorithm 5 (MD5) for generating message authentication codes (MAC). |
Secure sockets layer (SSL) cipher specification list control. QSSLCSLCTL specifies whether or not the QSSLCSL (SSL cipher specification list) system value is controlled by the system or by the user. The values allowed are:
*OPSYS |
The QSSLCSL (SSL cipher specification list) system value is
read only.
Note: *OPSYS allows the QSSLCSLCTL values to be automatically updated with newer and stronger ciphers when installing to a future release that has new cipher suite capabilities. |
*USRDFN |
The QSSLCSL (SSL cipher specification list) system value is
modifiable.
Note: Additional cipher suite capabilities will not be added automatically when moving to a future release. You will have to determine what if any new cipher suites are available and add them to the QSSLCSL (SSL cipher specification list) system value manually. |
Secure sockets layer (SSL) protocols. QSSLPCL specifies the SSL protocol versions supported by System SSL. The values allowed are:
*OPSYS | The SSL protocols supported are determined by the system. |
*TLSV1.2 | Transport Layer Security version 1.2 will be supported. |
*TLSV1.1 | Transport Layer Security version 1.1 will be supported. |
*TLSV1 | Transport Layer Security version 1.0 will be supported. |
*SSLV3 | Secure Sockets Layer version 3.0 will be supported. |
*SSLV2 | Secure Sockets Layer version 2.0 will be supported. |
Security level. QSECURITY is the system security level indicator. The possible values are:
10 | The system does not require a password to sign-on. The user has access to all system resources. |
20 | The system requires a password to sign-on. The user has access to all system resources. |
30 | The system requires a password to sign-on, and users must have authority to access objects and system resources. |
40 | The system requires a password to sign-on, and users must have authority to access objects and system resources. Programs that try to access objects through interfaces that are not supported will fail. |
50 | The system requires a password to sign-on, and users must have authority to access objects and system resources. Security and integrity of the QTEMP library and user domain (*USRxxx) objects are enforced. (Use system value QALWUSRDMN to change which libraries allow *USRxxx objects.) Programs fail if they try to pass unsupported parameter values to supported interfaces or if they try to access objects through interfaces that are not supported. |
Note: If this system value has been changed since the last IPL, this value is not the security level the system is currently using. This value will be in effect after the next IPL.
Serial number. QSRLNBR is the system serial number. An example of a serial number is 1001003.
Server authentication interval. QSVRAUTITV is the system value for the server authentication interval. The server authentication interval specifies the time interval of the server authentication in minutes. The following values are allowed:
1-108000 | The authentication of the token expires at the end of the interval specified. |
Service dump. QSRVDMP specifies whether service dumps for unmonitored escape messages are created. The values that are allowed are:
*DMPALLJOB | Service dumps will be created for all jobs. |
*DMPSYSJOB | Service dumps will be created for only system jobs, not user jobs. |
*DMPUSRJOB | Service dumps are created for only user jobs, not system jobs. System jobs include the system arbiter, subsystem monitors, LU services process, spool readers and writers, and the start-control-program-function (SCPF) job. |
*NONE | Do not request dumps in any jobs. |
Set job attributes from locale. The QSETJOBATR system value specifies the job attributes that are to be set from the job's locale. The possible values for QSETJOBATR are as follows:
*NONE | No attributes are set, or use any combination of the following: |
*CCSID | Coded character set identifier |
*DATFMT | Date format |
*DATSEP | Date separator |
*DECFMT | Decimal format |
*SRTSEQ | Sort sequence |
*TIMSEP | Time separator |
Shared memory control. QSHRMEMCTL specifies whether or not users are allowed to use shared memory or mapped memory that has write capability. The allowed values are:
0 | Users are not allowed to use shared memory or mapped memory that has write capability. |
1 | Users are allowed to use shared memory or mapped memory that has write capability. |
Sign-on information. QDSPSGNINF is the system value for displaying sign-on information. The possible values are:
0 | The sign-on information is not displayed. |
1 | The sign-on information is displayed. |
Software error log. QSFWERRLOG specifies whether system-detected software problems are entered in the error log. The allowed values are:
*LOG | When a software error is detected by the system,
the error is evaluated to determine if it should be logged
unconditionally, or if the decision to log the error should be deferred
to the policy based Service Monitor.
If the error is to be logged unconditionally, a PARable message is sent to QSYSOPR and an entry is created in the problem log. If the reporting component provides error data, a spooled file is created to contain the data. The spooled file name is stored in the error log and problem log entries. If the error is to be conditionally logged, the decision to log the error will be made by the policy based Service Monitor. If the decision is to log the problem, an entry is created in the problem log. The problem data will be stored in a problem data library and the problem record entry will be updated with the name of the library. |
*NOLOG | No logging will occur if a software error is detected. |
Sort sequence table. QSRTSEQ is the name of the table used for the sort sequence. The first 10 characters contain the name of the table, and the last 10 characters contain the library name. The values for QSRTSEQ are:
*HEX | No sort sequence table is used. The hexadecimal values of the characters are used to determine the sort sequence. |
*LANGIDSHR | The sort sequence table used can contain the same weight for multiple characters. The shared weight sort table associated with the language specified in the LANGID parameter is used. |
*LANGIDUNQ | The sort sequence table used must contain a unique weight for each character in the code page, and it is the unique weight sort table associated with the language specified in the LANGID parameter. |
sort sequence table name | The name and library of the sort sequence table to be used. |
Special environment. QSPCENV specifies the system environment used as the default for all users. The possible values are:
*NONE | You enter the System i environment when you sign on. |
*S36 | You enter the System/36 environment when you sign on. |
Spooled file action. QSPLFACN specifies whether spooled files can be accessed through job interfaces once a job has completed its normal activity.
*KEEP | When the job completes its activity, as long as at least one spooled file for the job exists in the system auxiliary storage pool (ASP 1) or in a basic user ASP (ASPs 2-32), the spooled files are kept with the job and the status of the job is updated to indicate that the job has completed. If all remaining spooled files for the job are in independent ASPs (ASPs 33-255), the spooled files will be detached from the job and the job will be removed from the system. |
*DETACH | Spooled files are detached from the job when the job completes its activity. |
Start printer writer. QSTRPRTWTR specifies whether printer writers are started at IPL. QSTRPRTWTR can be:
0 | Do not start printer writers. |
1 | Start printer writers. |
Startup program name. QSTRUPPGM is the startup program. This value specifies the name of the program called from an autostart job when the controlling subsystem is started. The first 10 characters contain the program name, and the last 10 characters contain the library name. *NONE means the autostart job ends normally without calling a program.
Status messages. QSTSMSG specifies whether or not the status messages are displayed. The values allowed are:
*NORMAL | Status messages are displayed. |
*NONE | Status messages are not displayed. |
System date. QDATE is the system date. QDATE is composed of the following system values: QCENTURY, QYEAR, QMONTH, and QDAY. The format of the field returned is CYYMMDD where C is the century, YY is the year, MM is the month, and DD is the day. A 0 for the century flag indicates years 19xx, and a 1 indicates years 20xx.
System date and time. QDATETIME is the date and time for the local system time as a single value. Retrieving this value is similar to retrieving QDATE and QTIME in a single operation. The format of the field returned is YYYYMMDDHHNNSSXXXXXX where YYYY is the year, MM is the month, DD is the day, HH is the hours, NN is the minutes, SS is the seconds, and XXXXXX is the microseconds.
System library list. QSYSLIBL is the system part of the library list. The list can contain as many as 15 names.
System model. QMODEL is the system model number. It is the number or letters used to identify the model of the system.
System time. QTIME is the system value for the time of day. QTIME is composed of the following system values: QHOUR, QMINUTE, and QSECOND. QTIME has the format HHMMSSXXX, where HH equals hours, MM equals minutes, SS equals seconds, and XXX equals milliseconds.
Thread resources adjustment. QTHDRSCADJ specifies whether or not the system should make adjustments to the affinity of threads currently running in the system. If some system resources are being utilized more than others, the system may reassign some of the threads running on the more heavily used resources to have affinity to the less used resources. The values allowed are:
'0' | No automatic adjustment of threads is made by the system. Threads will continue to have affinity to the resources which they are currently assigned to until they end or until this system value is changed. |
'1' | The system dynamically makes adjustments of threads' affinity to the system's resources. It does not change the grouping or level of affinity in the threads. |
Thread resources affinity. QTHDRSCAFN specifies whether or not secondary threads are grouped together with the initial thread. If they are grouped together, they will have affinity to, or a preference for, the same set of processors and memory, which may affect performance. The first 10 characters contain a special value indicating how the threads will be grouped. The values allowed are:
*NOGROUP | Secondary threads are not grouped with the initial thread. They are spread across all the available system resources. |
*GROUP | Secondary threads are grouped with the initial thread. |
The last 10 characters contain a special value that indicates to what degree the system tries to maintain the affinity of threads to the system resources that they are internally assigned to. The values allowed are:
*NORMAL | A thread will use any processor or memory in the system if the resources it has affinity to are not readily available. |
*HIGH | A thread will only use the resources it has affinity to, and will wait until they become available if necessary. |
Time adjustment. QTIMADJ can be used to identify software that adjusts the system clock to keep it synchronized with an external time source. This value should be maintained by time adjustment software and is intended as an aid to prevent having multiple time adjustment applications conflict with each other. There are no checks perfomed by the system to verify this value or that software is or is not performing time adjustments. IBM time adjustment offerings will use identifiers that start with QIBM such as 'QIBM_OS400_SNTP'. Other software suppliers should follow a similiar naming convention of company name and product name.
Time adjustment software should check QTIMADJ prior to starting. If QTIMADJ has an identifier for other time adjustment software, then the software being started should notify the user of this potential conflict and confirm that this time adjustment software should be started. When QTIMADJ is *NONE the software should update QTIMADJ to identify that it is now responsible for adjusting the system clock. Time adjustment software should check QTIMADJ again prior to ending. QTIMADJ should be set to *NONE only if the current value identifies this time adjustment software that is ending. The shipped value is *NONE. The allowed values are:
*NONE | Indicates that time adjustment software has not been identified. |
Identifier | Identify the software that will be used to adjust the system clock. |
Time separator. QTIMSEP is the character separator for time. QTIMSEP must be one of the following values: colon (:), period (.), comma (,), or blank.
Time-slice end pool. QTSEPOOL is the time-slice end pool. This value specifies whether interactive jobs should be moved to another main storage pool when they reach time-slice end. The values allowed are:
*NONE | Jobs are not moved to the base storage pool when time-slice end is reached. |
*BASE | Jobs are moved to the base pool when time-slice end is reached. |
Time zone. QTIMZON specifies the name of the time zone description used to calculate local system time.
Total jobs. QTOTJOB specifies the initial number of jobs for which auxiliary storage is allocated when the job tables are rebuilt during the IPL.
UPS delay time. The uninterruptible-power-supply (UPS) delay time specifies the amount of time that elapses before the system automatically powers down following a power failure. When a change in power activates the UPS, messages are sent to the UPS message queue (the system value QUPSMSGQ). This system value is meaningful only if your system has a battery power unit or has an uninterruptible power supply attached.
A change to this system value takes effect the next time there is a power failure. The shipped value is 200 seconds. The allowed values are:
*BASIC | When this option is used, the Licensed Internal Code (LIC) assigns a specific value, which is returned as the second item of this system value. |
*CALC | When this option is used, the Licensed Internal Code (LIC) assigns a specific value, which is returned as the second item of this system value. |
*NOMAX | Starts no action. |
0 | Automatically powers down the system. |
1-99999 | Powers down the system after the specified number of seconds. |
The QUPSDLYTIM system value is in the form of a two-item list. The first item is the value the user specified on the CHGSYSVAL command. The second item is the delay time, which is either what the user specified, or, if *CALC or *BASIC is specified, the delay time assigned by the Licensed Internal Code.
UPS message queue. The QUPSMSGQ system value is the message queue that is to receive uninterruptible-power-supply messages. QUPSMSGQ is a 20-character list of up to two values in which the first 10 characters contain the message queue name, and the last 10 characters contain the library name.
Use adopted authority. QUSEADPAUT specifies an authorization list that is used to control who can create, change, and update programs and service programs with the use adopted authority (USEADPAUT) attribute of *YES. The possible values are:
*NONE | All users can create, change, and update programs and service programs that use adopted authority. |
authorization list name | The name of an authorization list that a user must have at least *USE authority to in order to create, change, and update programs and service programs that use adopted authority. Authority to the authorization list cannot come from adopted authority. |
User library list. QUSRLIBL is the default for the user part of the library list. The list can contain as many as 25 names.
Verify object on restore. QVFYOBJRST is the system value for verify object on restore. This value is used to specify the policy to be used for object signature verification during a restore operation. This value applies to objects of types: *CMD, *PGM, *SRVPGM, *SQLPKG and *MODULE. It also applies to *STMF objects which contain Java™ programs. The possible values are:
1 | Do not verify signatures on restore. Restore all objects regardless of their signature. |
2 | Verify signatures on restore. Restore unsigned commands and user-state objects. Restore signed commands and user-state objects, even if the signatures are not valid. Restore inherit-state and system-state objects only if they have valid signatures. |
3 | Verify signatures on restore. Restore unsigned commands and user-state objects. Restore signed commands and user-state objects only if the signatures are valid. Restore inherit-state and system-state objects only if they have valid signatures. |
4 | Verify signatures on restore. Do not restore unsigned commands and user-state objects. Restore signed commands and user-state objects, even if the signatures are not valid. Restore inherit-state and system-state objects only if they have valid signatures. |
5 | Verify signatures on restore. Do not restore unsigned commands and user-state objects. Restore signed user-state objects only if the signatures are valid. Restore inherit-state and system-state objects only if they have valid signatures. |
Year. QYEAR is the system value that specifies the last 2 digits for the year. Its value can range from 0 through 99.
Error Messages
Message ID | Error Message Text |
---|---|
CPF1860 E | Value &1 in list not valid. |
CPF1861 E | Length of the receiver variable not valid. |
CPF1862 E | Number of values to retrieve not valid. |
CPF24B4 E | Severe error while addressing parameter list. |
CPF3CF1 E | Error code parameter not valid. |
CPF3C19 E | Error occurred with receiver variable specified. |
CPF3C90 E | Literal value cannot be changed. |
CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
API introduced: V2R3