Maximum signon action

The maximum signon attempts action system value determines what the system does when the maximum number of signon attempts is reached at a workstation.

This system value works with the Maximum signon attempts system value to prevent unauthorized sign on to the system.

See Table 2 for an overview of the maximum signon action system value.

Table 1. Possible values for the maximum signon attempts system value
iSeries™ Navigator Character-based interface Description
Disable user 2 Disable user profile only.
Disable device 1 Disable device only.
Disable user and device 3 Disable both the user profile and device.

Relationship to security policy

Within your security policy you should inform users your company's expectations for managing their signon activities. It is important to document the number of signon attempts that users are allowed, and the action taken when that number is exceeded.

Table 2. Quick Reference. Provides details for the maximum signon action system value.
iSeries Navigator name When maximum is reached
Character-based interface name QMAXSIGNACN
Authority

All object access (*ALLOBJ)
Security administrator (*SECADM)

Note: The Security Officer (QSECOFR) user profile is shipped with these authorities.
How to access
iSeries Navigator
  1. Expand Security > Policies.
  2. Right click Signon Policy and select Properties.
  3. On the General page you will find the option for maximum signon attempts.
Character-based interface
  1. In the character-based interface, type WRKSYSVAL QMAXSIGNACN.
Changes take effect Immediately
Default value Disable user and device (3)
Recommended value Disable user and device (3)
Lockable Yes
Special considerations The recommended value for the maximum sign on attempts allows a user three consecutive attempts to sign on, by using the correct user ID and password combination. When a user exceeds the number of unsuccessful signon attempts allowed, the system will disable the user's profile and vary off the device where the user attempted to sign on.

To make a user's profile available for signon again, use the following command: CHGUSRPRF USRPRF(profile-name) STATUS(*ENABLED)

To make a workstation available for signon again, use the Work with Configuration Status (WRKCFGSTS) command to vary on the device.

For more detailed information about this security value, see Chapter 3, "Security System Values" in Security Reference.

Parent topic: Plan system security