• Subject: Re: Protection for spool files?
  • From: John Earl <johnearl@xxxxxxxxxx>
  • Date: Tue, 27 Jan 1998 09:10:35 -0800

Jim,

At 11:05 PM 1/26/98 -0800, you wrote:
>
<snip>

>> I havn't found a way to give users authority to control printers and yet not
>> enough authority to delete spool files.  The problem is that once a printer
>> prints a file, the file is deleted from the outq.  This implies that anyone
>> who can print a file has the ability to delete it.
>
>Whoa big boy...spool file keep will retain the file after printing.  I know you
>know that much. :)
>Nothing implied about it.

Sure, but because you _can_ choose not to retain, you must have delete
capability in order to print.  


>> Additionally, one of the rules of spool files is that a user that creates a
>> spool file will always have authority to delete that spool file.  This is
>> true even if the spool file is put into an outq to which the user has
>> *EXCLUDE authority (They can use commands like WRKJOB and WRKSPLF to hammer
>> it).  Ownership of a spool file confers *ALL authority to that file.
>
>The creator givith and the creator takith away.  You are correct in the
>following.  To retain, move it to where they can't takith away.  Flaw in
design?
>Nah, working as intended.

But it is different from authority rules on regular objects.  If USERA
creates any other kind of OS/400 object, the sysadm can remove USERA's
authority to that object. Not so with spool files.  There is no way to
restrict the owners authority to a spool file, so the retain idea only works
if you duplicate the object (either as a new spool file or as a database
file/member) into a new object that is not owned by the original user.

Spool file authority is fairly non-intuitive, and certainly doesn't use the
same rules as other OS/400 objects.

jte  


jte

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---


This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].