Security on your system is arranged in a series of levels, with each level offering a greater degree of security and protection of your data than the previous level.
You can choose how much security you want the system to enforce by setting the security level (QSECURITY) system value. i5/OS® supports these fully-integrated system security levels:
At this security level, users that access to the system must have a password and user ID that the system recognizes. The system administrator creates both the user ID and initial password for users. This level of security allows users total authority to do anything they want on the system, which means that all users can access all data, files, objects, and so on, on your system because all users have *ALLJOB special authority.
At this security level, resource security is enforced on the system. That is, users must have specific authority to use objects because they do not have any authority by default. Users do not have automatic access to everything on the system and the system administrator must define a valid user ID and password for them. User access is limited by the security policies of the business.
At this security level, resource security and integrity protection are enforced, and the system itself is protected against users. Integrity protection functions, such as the validation of parameters for interfaces to the operating system, help protect your system and the objects on it from tampering by experienced system users. For example, user-written programs cannot directly access the internal control blocks through pointer manipulation. Level 40 is the default security level for every new installation and is the recommended security level for most installations.
At this security level, advanced integrity protection is added to the resource security and level 40 integrity protection enforcement. Advanced integrity protection includes further restrictions, such as the restriction of message-handling between system state programs and user state programs. Not only is the system protected against user-written programs, but it ensures that users only have access to data on the system, rather than information about the system itself. This offers greater security against anyone attempting to learn about your system. Level 50 is the recommended level of security for most businesses, because it offers the highest level of security currently possible. Also, level 50 is the required level for C2, FIPS-140, and Common Criteria certifications.
Related concepts
Planning system security