× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2003

RE: How can I limit spooled file access under OperationNavigatorUserwith *SPLCTL special authority ?

 
> For example, QSYSOPR have *SPLCTL special authority to all spooled
file.
> If I limit access outq resource authority to QSYSOPR, QSYSOPR could
not
> operate the important spooled. I just want to limit QSYSOPR couldn't
> display spooled file and couldn't change outq or printer, and  allow
> other operation for problem solving like reprint some page on some
> spooled file owner area locked by spoolede file woner. I can do it
with
> VCP. Could Operation Navigater  do it  ?

Ah!  That's a better question.

I believe that what you really want is for QSYSOPR to have *JOBCTL
special authority not *SPLCTL special authority because *JOBCTL can be
regulated but *SPLCTL cannot.

A user with *JOBCTL special authority can only bypass the authority of
Queues that have their OPRCTL parameter set to *YES (do a WRKOUTQD to
see this parameter, and a F13 to change the parameter).  If the Queue
has the OPRCTL(*YES) parameter setting, then a *JOBCTL user has complete
authority to the queue and it's entries. If OPRCTL is set to *NO, then a
user with *JOBCTL can still work with the queue itself (assuming object
authority of at least *USE), but will need some other authorization to
work with entries on the Queue.

To accomplish what I think you're asking for, do the following:

1) Take away *SPLCTL and grant *JOBCTL to QSYSOPR.
2) Change the Out Queue(s) in question to OPRCTL(*NO).
3) Make sure the DSPDTA parameter is set to *NO (the default) for the
Out Queue(s) in question.
4) Make sure the AUTCHK parameter is set to *OWNER (the default) the Out
Queue(s) in question.
5) Make sure that QSYSOPR (either individually, or through *PUBLIC) has
at least *USE authority to the Out Queue object(s).

Now QSYSOPR will still have broad access to all the other Queues
(assuming that the default parameter sets were taken when the Queues
were built), but won't be able to display the data in the queue's that
you want to restrict.

jte


John Earl - john.earl@powertechgroup.com
The PowerTech Group - Seattle, WA 
+1-253-872-7788 - www.powertech.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.