Changing to security level 50

If your current security level is 10 or 20, change the security level to 40 before you change it to 50. If your current security level is 30 or 40, you need to evaluate the QALWUSRDMN value and recompile some programs to prepare for security level 50.

Most of the additional security measures that are enforced at security level 50 do not cause audit journal entries at lower security levels. Therefore, an application cannot be tested for all possible integrity error conditions before changing to security level 50.

The actions that cause errors at security level 50 are uncommon in normal application software. Most software that runs successfully at security level 40 also runs at security level 50.

If you are currently running your system at security level 30, complete the steps described in Changing to security level 40 to prepare for changing to security level 50.

If you are currently running your system at security level 30 or 40, do the following to prepare for security level 50:

  • Evaluate the QALWUSRDMN system value. Controlling user domain objects is important to system integrity.
  • Recompile any COBOL programs that assign the device in the SELECT clause to WORKSTATION if the COBOL programs were compiled using a pre-V2R3 compiler.
  • Recompile any S/36 environment COBOL programs that were compiled using a pre-V2R3 compiler.
  • Recompile any RPG/400® or System/38 environment RPG* programs that use display files if they were compiled using a pre-V2R2 compiler.

You can go directly from security level 30 to security level 50. Running at security level 40 as an intermediate step does not provide significant benefits for testing.

If you are currently running at security level 40, you can change to security level 50 without extra testing. Security level 50 cannot be tested in advance. The additional integrity protection that is enforced at security level 50 does not produce error messages or journal entries at lower security levels.