Good News Everybody!
The new search engine is LIVE!
Please report any problems to david (at) midrange.com.
|
On 22 Apr 2004 at 13:07, John Earl wrote: > First rule - any user with *SPLCTL special authority can get to every > spooled report in every out queue. Game over. If you don't want > someone to see a report make sure that they don't have *SPLCTL. No prob. All users have no special authorities and are set to lmtcpb *yes. > > Second Rule - A user with *ALLOBJ special authority can achieve *SPLCTL > Special Authority in two seconds. See rule 1. No prob. We trust the people that have *allobj. > > Third Rule - A user with *JOBCTL special authority can get to any spool > file in any out queue where the out queue is defined as OPRCTL(*YES). > The purpose of the OPRCTL(*YES) parameter is to allow system operators > who have *JOBCTL Special Authority to bypass the object and out queue > authorities. If you don't want someone to see what's in an out queue, > make sure that either A) they don't have *JOBCTL and/or B) the out queue > is defined as OPRCTL(*NO) See above 2 replies. > > Whew! There is more, but go grab the Security Reference Guide and I > think you can muscle through it from there. I'll sure take a look. But from what you say, my security concept should work for our standard users. Thanks, Oliver
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
