× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2000

Re: QPJOBLOG security

  • Subject: Re: QPJOBLOG security
  • From: John Earl <johnearl@xxxxxxxxxxxxxxx>
  • Date: Thu, 02 Nov 2000 18:39:25 -0800
  • Organization: The PowerTech Group
 
Jill,

Jill Gallagher wrote:

> We worked around this.  The file QPJOBLOG would normally go to outq
> qezjoblog.  We chgd it to go to a new outq joblogoutq.  We then chgd the
> authority on joblogoutq to give public access to operational on the object
> rights and add, read and execute, but not delete or update on data rights.
> This has worked for us.  There may be a better way to do this, but it works.

Because of the crazy way that spool file security works, your users will still 
be
able to delete their own spool files by issuing the WRKSPLF, WRKJOB, WRKSBMJOB,
etc. commands.  Sure, you can secure the OUTQ, but the user doesn't have to go
through the OUTQ to get to the spool file (It's a bit of an odd relationship, 
but
the spool file doesn't actually live in the OUTQ, it lives in a multimember file
named something like QSPL/Q04079N001).  Any tool that gives them access to their
spool files without directly referencing the OUTQ (such as the mentioned
commands, Ops Nav, etc) will give the user the opportunity to delete those spool
files. simply because they own those spool files.  It's on eof those quirks of
AS/400 security.

jte



--
John Earl                    johnearl@400security.com
The PowerTech Group      --> new number --> 253-872-7788
PowerLock Network Security   www.400security.com
--


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.