• Subject: Re: Securing Spool Files
  • From: John Earl <johnearl@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 08 Sep 1999 08:49:32 -0700
  • Organization: The PowerTech Group

Gerald,

Gerald Magnuson wrote:

> I need to hide the spool files created by the Payroll Clerk,
> from everyone else, Including the Computer Operators.
> I have given the Clerk a Output Queue that they are only
> authorized to, in a library that they are only authorized to.
> This does stop the users from using WRKOUTQ to get to
> the spool files.
>
> However,  If the Computer Operator does a WRKACTJOB
> and looks at the Payroll Clerks job, they can still see the
> spool files.
>
> Is my only option to revoke authority to the spool files that
> are used by the Payroll clerk?

More than likely it's Special Authorities that are giving your operator the
rights to see the payroll spool files.   If your operator has *SPLCTL special
authority, they will always be able to see every spool file on the system.
*SPLCTL is is to spool files as *ALLOBJ is to objects.   If the operator has
*SPLCTL, you will have to remove it in order to secure your payroll outq's.

If the Operator has *JOBCTL special authority, you can secure the spool files by
putting them in an OUTQ created with the OPRCTL(*NO) and specifying regular
OS/400 authority (*PUBLIC *EXCLUDE) for the OUTQ object.

Depending on how the output queue is used, you may want to also specify the
DSPDTA(*NO) and AUTCHK(*OWNER) parameters as well.  Press the F1 key to see what
those parameters will do for your security.

hth,

jte


--
John Earl                                           johnearl@powertechgroup.com
The PowerTech Group                        206-575-0711
PowerLock Network Security              www.400security.com
The 400 School                                www.400school.com
--


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].