× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2003

RE: Securing an outq

You'll find lots of good info on this topic in the archive, but in your
case, change the out queue in question to OPRCTL(*NO).  This prevents
users with *JOBCTL from having carte blanche access to everything in the
queue.

Jte


 

> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
> bounces@xxxxxxxxxxxx] On Behalf Of MWalter@xxxxxxxxxxxxxxx
> Sent: Monday, June 23, 2003 10:00 AM
> To: Midrange Systems Technical Discussion
> Subject: Re: Securing an outq
> 
> 
> That's the problem. The users' group authority, which is
> granted from the
> ERP package, contains JOBCTL special authority. This is
> required by the
> package. We use menu level security, No-one has a command
> line, so I guess
> I stuck with a file based system.
> 
> Thanks,
> 
> Mark
> 
> Mark D. Walter
> Senior Programmer/Analyst
> CCX, Inc.
> mwalter@xxxxxxxxxx
> http://www.ccxinc.com
> 
> 
> |--------+------------------------------------>
> |        |          Vern Hamberg              |
> |        |          <vhamberg@xxxxxxxxxxxxxxxx|
> |        |          ology.com>                |
> |        |          Sent by:                  |
> |        |          midrange-l-bounces@xxxxxxx|
> |        |          e.com                     |
> |        |                                    |
> |        |                                    |
> |        |          06/23/2003 12:46 PM       |
> |        |          Please respond to Midrange|
> |        |          Systems Technical         |
> |        |          Discussion                |
> |        |                                    |
> |--------+------------------------------------>
>   >-------------------------------------------------------
> ----------------------------------------------------|
>   |
> |
>   |       To:     Midrange Systems Technical Discussion
> <midrange-l@xxxxxxxxxxxx>                             |
>   |       cc:
> |
>   |       Subject:     Re: Securing an outq
> |
>   >-------------------------------------------------------
> ----------------------------------------------------|
> 
> 
> 
> 
> Look in the archives for SPLCTL and JOBCTL. OUTQ security
> is a little
> weird. You should probably refer tot he Tips and Tools for
> Securing Your
> iSeries. To quote,
> 
> >A user with *SPLCTL special authority can see any spooled
> file on the
> >system, no matter what efforts you make to secure your
> output queues.
> 
> There is a section in the Security manual on Printing in
> the Work
> Management chapter (near page 186). Read until you
> understand it well.
> 
> Clearly you need to check for users with *SPLCTL special
> authority.
> There're reports in GO SECTOOLS that'll show this,
> including mismatches
> between user class and special authorities. There's also a
> PRTQAUT command
> that can be called from that menu.
> 
> HTH
> 
> Vern
> 
> At 10:51 AM 6/23/2003 -0400, you wrote:
> >Is there a way, short of running a third part application
> to secure an
> >outq. I've tried giving *public *exclude authority to the
> outq, but users
> >can still see the outq and its contents. Maybe an exit
> point or something.
> >
> >Thanks,
> >
> >Mark
> >
> >Mark D. Walter
> >Senior Programmer/Analyst
> >CCX, Inc.
> >mwalter@xxxxxxxxxx
> >http://www.ccxinc.com
> 
> 
> _______________________________________________
> This is the Midrange Systems Technical Discussion
> (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit:
> http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the
> archives
> at http://archive.midrange.com/midrange-l.
> 
> 
> 
> 
> 
> _______________________________________________
> This is the Midrange Systems Technical Discussion
> (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit:
> http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the
> archives
> at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.