QSYS2.SECURITY_INFO- System Values
This service is similar to running the Display Security Attributes (DSPSECA) and Display Security Auditing (DSPSECAUD) CL commands along with the Retrieve Security Attributes API (QSYRTVSA). But instead of calling two CL commands that only go to display or write to an API, you can retrieve all security-related values (including security-relevant system values) in one easy select statement!
If you’ve ever run DSPSECA, you know that it displays somewhat random security configuration information, but if you need that information, it’s the only place you can discover it. For example, I find it useful to run DSPSECA to determine if a change to either QSECURITY or QPWDLVL has taken effect or is still pending. DSPSECA shows both the current and pending values. (Remember, it takes an IPL for changes to these system values to take effect.) Note: If the current and pending values are the same, only the current value is displayed. And I find running DSPSECAUD helpful to determine which audit journal receiver is currently attached. For more information about QSYS2.SECURITY_INFO, see https://www.ibm.com/support/pages/node/6442035
While this information is valuable, the format of the information returned is not that easy to consume. All of the information is returned on one line. You must endlessly scroll to the right of your Run SQL Scripts display to see all of them. Enter New Nav. What you’re going to realize once you’ve used IBM i Services and New Nav a few times is that they are very tightly connected. New Nav uses IBM i Services to present most of its information. Let’s see how New Nav displays this information.
To see the information provided by the QSYS2.SECURITY_INFO service in New Nav, log into New Nav, float your cursor over the padlock, and click on Security Configuration Info, as shown in Figure 2.1.
Figure 2.1: Click on the padlock icon and then Security Configuration Info to see the listing of security information, current and pending settings, and a description of the value.
What’s displayed is an aggregation of the system values returned when running WRKSYSVAL *SEC, the security attributes displayed when running DSPSECA, and the audit configuration settings displayed when running DSPSECAUD. A description of each system value, attribute, or configuration setting is provided, along with its list of possible values. One thing I appreciate about this view is that each possible value is explained, as shown in Figure 2.2. Under the covers, New Nav has called the QSYS2.SECURITY_INFO IBM i Service but is displaying it in a much more consumable format than if you’d run the service in Run SQL Scripts.
Figure 2.2: An example of two values shown under the Security Configuration Info category.
I find this view quite helpful, and I think you will too, especially if you don’t work with IBM i security very often or you’re new to the topic.