Blog Archives

System Values in AS/400

Why System Values

On the iSeries, all user and system data structures are held in objects (files, folders, libraries,menus, programs, user profiles, etc.). It is possible to see in the objects only via their defined interfaces. iSeries operates on object-level security. The iSeries comes with four major operating system components: Integrated Communications, Integrated Database, Integrated Work Management, and Integrated Security. The functions within the Integrated Security component protect all objects and data from unauthorized access. The iSeries has default values known as system values, which can be used to control the operations of the system. System values are a part of iSeries and cannot be created by a user. However, most can be changed to customize your system according to your requirements. System values are used as default parameters in many commands and object descriptions. Other system values control the operation of certain parts of the operating system.

System values, *SYSVAL, are AS/400 attributes that allow each installation to customize the machine to the organizations own needs and specifications. Consider, for example, the differing needs of an AS/400 installed in China and one installed in Holland. Each machine would need different alphabet characters, different displays of the time and date, and probably different security levels and hardware.

Few Examples of System Values

Consider the date system value QDATE, which may be either a 5-digit or 6-digit field. A 6-digit field could hold a date such as 11-28-96, while a 5-digit field would be used for a Julian date. Julian dates have no days or months; instead, they contain a single value for the day of the year. For example, the first day of January expressed as a Julian date is 1, while December 31 is 365 (or 366 in a leap year). Another system value is QYEAR, which would hold only the year value in this example, 96. QDATFMT (an editing system value) defines how your machine will use the date value. Several options are available for this, including mm-dd-yy, used for most reports; yy/mm/dd, convenient for sorting; or dd:mm:yy, used in military format, and in many European countries. You can also customize the type of separators; the previous examples show three such options the hyphen, the dash, and the colon.
The time value, QTIME, represents the system time of day. It comprises three other system values, QHOUR, QMINUTE, and QSECOND. QHOUR is based on a 24-hour clock. For example, 1:00 p.m. is 13. The system value QCURSYM determines the currency symbol, which is country dependent; for example, the yen, lira, franc, and dollar use different symbols.

Changing System Values

A user must have proper authority to change a system value; in many installations only the security officer has sufficient authority to make these changes. However, operators must be aware of many of the nearly 100 system values, because these values provide a convenient method for modifying small portions of the operating system they control how a given command, or even the entire system, will perform. Particular system values control system performance; others define the security levels; yet others simply provide defaults to command options that were unspecified. System values can be divided into eight categories: Date/time, editing, system control items, library lists, allocations, message logging, storage values, and security values.

In order to access the complete list of system values for viewing or editing purposes, enter the command “WRKSYSVAL” at the command line prompt. If the user is authorized to access this menu, the “Work with System Values” menu will appear. The matrix of values contains the system value, the category that the value fits under (Security, Storage, System control, etc.), and a description of the value. The values can be changed by entering option 2 or just displayed by entering option 5. Once option 2 is selected to edit a particular value, the menu may allow the user to choose from the different options available to that value or the user will be able to type the value in a provided space. If option 5 is selected for viewing, the user typically will see the option currently set for the value, as well as all the options available with a short description. If the user edits the system value, a confirmation notice is displayed at the bottom of the screen upon returning to the “Work with System Values” menu.

Few Important System Value Definitions

  • QDSPSGNINF – The Display Sign-on Information system value determines whether the sign-on information display is shown after signing on.
  • QSECURITY – The Security Level system value allows the system administrator to determine what level of security the system should enforce.
  • QINACTITV – The Inactive Job Time-out system value controls the amount of time a terminal can remain signed-on without any activity.
  • QINACTMSGQ – The Inactive Job Message Queue system value specifies the action the system takes when an interactive job has been inactive for the specified interval of time indicated by the QINACTITV system value.
  • QDSCJOBITV – The Disconnected Job Time-Out Interval system value determines, in terms of minutes, if and when the system ends a disconnected job.
  • QLMTSECOFR – The Limit Security Officer system value restricts privileged users who have all-object (*ALLOBJ) or service (*SERVICE) special authorities to specified workstations.
  • QLMTDEVSSN – The Limit Device Sessions system value determines whether a user is allowed to be signed-on to more than one device at a time.
  • QMAXSIGN – The Maximum Number of Sign-on Attempts system value specifies the maximum number of invalid sign-on attempts permitted (for both local and remote users) by the system.
  • QMAXSGNACN – The Action When Sign-On Attempts Reached system value determines the action taken when the user violates the QMAXSIGN system value described above.
  • QRMTSIGN – The Remote Sign-On Control specifies how the system handles remote sign on requests.
  • QPWDEXPITV – The Password Expiration Interval specifies the number of days allowed before a password must be changed.
  • QPWDRQDDGT – The Requirement for Numeric Character in Passwords system value can require a user to have a numeric character in their new password.
  • QPWDRQDDIF – The Required Difference in Passwords system value indicates the number, if any, of previous passwords that are checked for duplicates.
  • QPWDMINLEN – The Minimum Length of Passwords system value specifies, in terms of characters, the shortest length a user’s password may be.
  • QAUDCTL – The Auditing Control system value is the determinate of whether the iSeries is performing auditing or not.

There are many other system values that can strengthen or weaken the security surround an iSeries machine that the reader should take into consideration. There are over 130 system values and an almost endless amount of configurations for an iSeries machine.

Advertisements