SECURITY_INFO view

The SECURITY_INFO view returns one row containing information about the IBM i security configuration.

The values returned for the columns in the view are closely related to the values returned by the Display Security Attributes (DSPSECA) and Display Security Auditing (DSPSECAUD) CL commands and by the Retrieve Security Attributes (QSYRTVSA) API.

Authorization: The caller must have *AUDIT special authority to see the system values for QAUDCTL, QAUDLVL, QAUDLVL2, and QCRTOBJAUD.

To see the AUDIT_JOURNAL_RECEIVER_LIBRARY and AUDIT_JOURNAL_RECEIVER values, the caller must have:

*OBJOPR and some data authority other than *EXECUTE to journal QSYS/QAUDJRN.

The following table describes the columns in the view. The system name is SEC_INFO. The schema is QSYS2.

Table 1. SECURITY_INFO view
Column Name	System Column Name	Data Type	Description
SECURITY_LEVEL	SECLVL	INTEGER	The security level that is currently being used by the system. 20 Password security only 30 Password and object security 40 Password, object, and operating system integrity 50 Password, object, and enhanced operating system integrity
PENDING_SECURITY_LEVEL	PENDSECLVL	INTEGER Nullable	The security level that the system will use after the next IPL. Contains the null value if the security level will not change after the next IPL.
PASSWORD_LEVEL	PWDLVL	INTEGER	The password level that is currently being used by the system. 0 User profile passwords with a length of 1-10 characters are supported. 1 User profile passwords with a length of 1-10 characters are supported. IBM i NetServer passwords for Windows 95/98/ME clients will be removed from the system. 2 User profile passwords with a length of 1-128 characters are supported. 3 User profile passwords with a length of 1-128 characters are supported. IBM i NetServer passwords for Windows 95/98/ME clients will be removed from the system.
PENDING_PASSWORD_LEVEL	PENDPWDLVL	INTEGER Nullable	The password level that the system will use after the next IPL. Contains the null value if the password level will not change after the next IPL.
AUDIT_JOURNAL_EXISTS	QAUDJRN	VARCHAR(3)	Whether the security journal QAUDJRN exists. NO The security journal QAUDJRN does not exist. YES The security journal QAUDJRN exists.
PASSWORD_CHANGE_BLOCK	QPWDCHGBLK	VARCHAR(5)	The current setting for the block password change (QPWDCHGBLK) system value.
PASSWORD_EXPIRATION_INTERVAL	QPWDEXPITV	VARCHAR(6)	The current setting for the password expiration interval (QPWDEXPITV) system value.
PASSWORD_EXPIRATION_WARNING	QPWDEXPWRN	INTEGER	The current setting for the password expiration warning (QPWDEXPWRN) system value.
PASSWORD_LIMIT_DIGITS	QPWDLMTAJC	INTEGER	The current setting for the limit adjacent digits in password (QPWDLMTAJC) system value.
PASSWORD_LIMIT_CHARACTERS	QPWDLMTCHR	VARCHAR(10)	The current setting for the limit characters in password (QPWDLMTCHR) system value.
PASSWORD_LIMIT_REPEAT	QPWDLMTREP	INTEGER	The current setting for the limit repeating characters in password (QPWDLMTREP) system value.
PASSWORD_LIMIT_POSITIONS	QPWDPOSDIF	INTEGER	The current setting for the limit password character positions (QPWDPOSDIF) system value.
PASSWORD_REQUIRE_DIGIT	QPWDRQDDGT	INTEGER	The current setting for the require digit in password (QPWDRQDDGT) system value.
PASSWORD_MAXIMUM_LENGTH	QPWDMAXLEN	INTEGER	The current setting for the maximum password length (QPWDMAXLEN) system value.
PASSWORD_MINIMUM_LENGTH	QPWDMINLEN	INTEGER	The current setting for the minimum password length (QPWDMINLEN) system value.
PASSWORD_DUPLICATION	QPWDRQDDIF	INTEGER	The current setting for the duplicate password control (QPWDRQDDIF) system value.
PASSWORD_RULES	QPWDRULES	VARCHAR(750)	The current setting for the password rules (QPWDRULES) system value.
PASSWORD_VALIDATION_PROGRAM	QPWDVLDPGM	VARCHAR(20)	The current setting for the password validation program (QPWDVLDPGM) system value.
CREATE_PUBLIC_AUTHORITY	QCRTAUT	VARCHAR(8)	The current setting for the create default public authority (QCRTAUT) system value.
CREATE_OBJECT_AUDITING	QCRTOBJAUD	VARCHAR(7)	The current setting for the create object auditing (QCRTOBJAUD) system value. Returns the value NOTAVL if caller does not have AUDIT special authority.
MAXIMUM_SIGNON_ATTEMPTS	QMAXSIGN	VARCHAR(6)	The current setting for the maximum sign-on attempts allowed (QMAXSIGN) system value.
MAXIMUM_SIGNON_ACTION	QMAXSGNACN	INTEGER	The current setting for the action to take for failed sign-on attempts (QMAXSGNACN) system value.
VERIFY_OBJECT_RESTORE	QVFYOBJRST	INTEGER	The current setting for the verify object on restore (QVFYOBJRST) system value.
ALLOW_OBJECT_RESTORE	QALWOBJRST	VARCHAR(150)	The current setting for the allow object restore (QALWOBJRST) system value.
USE_ADOPTED_AUTHORITY	QUSEADPAUT	VARCHAR(10)	The current setting for the use adopted authority (QUSEADPAUT) system value.
ALLOW_USER_DOMAIN	QALWUSRDMN	VARCHAR(500)	The current setting for the allow user domain objects in libraries (QALWUSRDMN) system value.
LIMIT_SECOFR_ACCESS	QLMTSECOFR	INTEGER	The current setting for the limit security officer device access (QLMTSECOFR) system value.
INACTIVE_JOB_TIMEOUT	QINACTITV	VARCHAR(5)	The current setting for the inactive job time-out (QINACTITV) system value.
INACTIVE_JOB_MESSAGE_QUEUE	QINACTMSGQ	VARCHAR(20)	The current setting for the inactive job message queue (QINACTMSGQ) system value.
DISCONNECTED_JOB_INTERVAL	QDSCJOBITV	VARCHAR(5)	The current setting for the time interval before disconnected jobs end (QDSCJOBITV) system value.
AUTOCONFIGURE_DEVICES	QAUTOCFG	INTEGER	The current setting for the autoconfigure devices (QAUTOCFG) system value.
AUTOCONFIGURE_REMOTE_ CONTROLLERS	QAUTORMT	INTEGER	The current setting for the autoconfigure of remote controllers (QAUTORMT) system value.
AUDITING_CONTROL	QAUDCTL	VARCHAR(50)	The current setting for the auditing control (QAUDCTL) system value. Returns the value NOTAVL if caller does not have AUDIT special authority.
AUDITING_LEVEL	QAUDLVL	VARCHAR(160)	The current setting for the auditing level (QAUDLVL) system value. Returns the value NOTAVL if caller does not have AUDIT special authority.
AUDITING_LEVEL_EXTENSION	QAUDLVL2	VARCHAR(990)	The current setting for the auditing level extension (QAUDLVL2) system value. Returns the value NOTAVL if caller does not have AUDIT special authority.
AUDIT_JOURNAL_RECEIVER_ LIBRARY	JRNRCV_LIB	VARCHAR(10) Nullable	The name of the library that contains the journal receiver attached to the security journal. Contains the null value if AUDIT_JOURNAL_EXISTS is NO or if caller is not authorized.
AUDIT_JOURNAL_RECEIVER	JRNRCV	VARCHAR(10) Nullable	The name of the journal receiver attached to the security journal. Contains the null value if AUDIT_JOURNAL_EXISTS is NO or if caller is not authorized.
ALLOW_DIGITAL_CERTIFICATE_ ADD	DCM_ADD	VARCHAR(3)	Whether digital certificates can be added to a certificate store using the Add Verifier (QYDOADDV, QydoAddVerifier) API, and whether the password for a certificate store can be reset using Digital Certificate Manager (DCM). NO Digital certificates cannot be added to a certificate store using the QYDOADDV API, and certificate store passwords cannot be reset using DCM. YES Digital certificates can be added to a certificate store using the QYDOADDV API, and certificate store passwords can be reset using DCM. The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute.
ALLOW_SECURITY_SYSVAL_ CHANGE	SYSVAL_CHG	VARCHAR(3)	Whether the security related system values can be changed. NO The security related system values cannot be changed. YES The security related system values can be changed. The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute.
ALLOW_SERVICE_TOOLS_ PASSWORD_CHANGE	SSTPWD_CHG	VARCHAR(3)	Whether a service tools user ID with a default password that is expired can change its own password. NO A service tools user ID with a default password that is expired cannot change its own password. YES A service tools user ID with a default password that is expired can change its own password. The Change SST Security Attributes (CHGSSTSECA) command can be used to change this attribute.
NEXT_USER_ID	NEXT_UID	BIGINT	The value that will be used the next time a user ID number (UID) is generated for a user profile.
NEXT_GROUP_ID	NEXT_GID	BIGINT	The value that will be used the next time a group ID number (GID) is generated for a user profile.

Example

Return the security and password levels for the system.

SELECT SECURITY_LEVEL, PASSWORD_LEVEL FROM QSYS2.SECURITY_INFO;