AS/400 System Values

The following are recommendations for changes to AS/400 system values for use with Webulator/400.

Security level of 30 minimum (QSECURITY) (recomended 40)

Security level 30 forces the use of passwords when signing on to the AS/400 and also enables object based security. This allows you to specifically authorize (or not authorize) users to work with objects on the AS/400. This allows you to control access to the AS/400 and access to individual objects on the AS/400.

Limit QSECOFR (and other key users) to specific devices (QLMTSECOFR)

By changing the QLMTSECOFR system value to indicate that explicit device access is needed, you can specify the devices where users with *SERVICE or *ALLOBJ special authority are allowed to sign on. Part of this limitation could be the denial of access at virtual terminals that are to be associated with Webulator/400. Keep in mind that you must grant authority to the QSECOFR user profile, and any others with the noted special authorities, to the devices they will be using (such as DSP01).

Limit invalid signons (QMAXSIGN)

By setting the QMAXSIGN system value, you limit the number of attempts a user can make to successfully sign on at a workstation. Once the limit is reached, the action defined in the QMAXSGNACN system value will be performed on the device and user profile.

Set QMAXSGNACN to disable the profile

When the limit defined in the QMAXSIGN system value is reached, the AS/400 system automatically reacts and performs the action defined in the QMAXSGNACN system value. It is possible to disable the user profile, the device, or both. Obviously, the option to disable both is the most secure.

Limit dynamic creation of *VRT devices (QAUTOVRT)

By controlling the virtual devices used for Webulator/400, you can control what users and functions are allowed at each of those workstations.

The value of this system value also affects other AS/400 products and programs that require automatic virtual device configuration. This includes TCP/IP TELNET, 5250 display station pass-through, Client Access/400, and other programs that may use the virtual terminal APIs.