re: Securing outqs

The ALLOBJ is part of your problem. Were the outqs created w/default
parameters? There are a couple variations on the parms. To have an outq
where only the user/group that created a report can see its content, try
CRTOUTQ outq(xxx) dspdta(*owner) oprctl(*yes) autchk(*owner) aut(*use).
Users w/ *jobctl can manage the queue, but not see inside the reports.
Remove operator control with oprctl = *no. Could also change aut =
*exclude.  User w/ *allobj can only view their own spool files in a
queue w/ dspdta = *owner. The  exception is *splctl. It overrides all
outq parameters. Only Qsecofr needs this. See the book from Duke Press
'Implementing AS/400 Security' by Wayne Madden & Carol Woodbury. They
have a detailed explanation.

> We have some output queues we wish to secure. The problem is several users
> have *SPLCTL and *ALLOBJ. We want to secure an outq such that only specific
> users can view/change spool files in that queue. I've created an outq with
> public *EXCLUDE, and added an authorizaton list to it. I've revoked my
> ownership of the queue to QSECOFR. Even if my name is not on the
> authorization list, I can still view and change spool files in this out
> queue. My profile has *ALLOBJ and *SPLCTL, among others. What are my
> options?
>


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---