× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Frank,

For the purposes of this problem, the relevant values are the UserPrf's SpcAut status and the LmtCpb, and the Group profiles SpcAut.

So your problem stems at least in part from the fact that the user operates with the *JOBCTL SpcAut that it inherits from it's group. The first best solution would be to remove *JOBCTL special authority from the user either by removing the SpcAut from the group, or by removing the user from the group.

If you're able to do this, you can then use the regular OS/400 authorities manage access to the JobQ. You can also use the AUTCHK parameter to control whether this user can manage other users entries on the Queue(AUTCHK(*OWNER) means you must be the owner of a queue entry to work with it), or whether the user has the rights to change entries on the queue(AUTCHK(*DTAAUT) means that the standard OS/400 object authorities apply to queue entries.).

If you can't remove *JOBCTL from the user, another option could be to change the JobQ in question to OPRCTL(*NO), but doing this would mean that any System Operator or administrator that needed to manipulate this queue would have to have specific authority to the queue in order to manage it.

HTH,

jte






On Jun 7, 2010, at 8:47 AM, fbocch2595@xxxxxxx wrote:


Hi Folks, I checked the archives but couldn't find an answer to this one but here goes;

We have a usrprf, rmtuser, that is currently able to change jobs in jobq’s (move to other jobq's, delete the job from the jobq) but we want to restrict rmtuser so that it can only view jobs in jobq’s, but stop it from doing anything else to a job in a jobq. So, I guess that means restricting rmtuser to hldjob/chgjob/endjob, etc.

Usrprf rmtuser has lmtcpb = *yes and spcaut = *none but rmtuser is part of a grpprf, safety_pgm, which has usrcls = *pgmr, spcaut = *jobctl, and lmtcpb = *no. I don’t want to change any of these settings to rmtuser or safety_pgm if I don’t have to. So, my question is how best to restrict rmtuser from these commands?

Would using rvkobjaut on hldjob/chgjob/endjob for rmtuser work in this environment?

Thanks, Frank



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
John Earl
President and CEO
Patrick Townsend Security Solutions
"The Encryption Company"

Olympia, WA | www.patownsend.com
Office: 360-357-8971 Ext 118


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.