× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



> Authority to a spool file IS filtered through an output queue.
i think yes, "but ...  ".
I  used qsecofr to create & own both an outq & the lib it is in, and
excluded *public from both. Copied 2 spools into the outq, created a new
profile, user class *user & only special attr was *splctl.
New user can read & display all spools in qsecofr owned & *public excluded
outq.
It's a lengthy explanation as to how to setup secure outqs (see prev posts
or better yet, Security Ref or I like Carol Woodbury's Security book and
it's detailed explanation).
I think the key is the CRTOUTQ  parm DSPDTA  with default *NO and here is
help text:
( and note the phrase "unless they have some special authority" (which is
*splctl))
                    Display any file (DSPDTA) - Help
Specifies whether users who have authority to read the output queue can
display the data of any spooled file on the queue or only the data in
their own files.
*NO
    Users authorized to use the queue can display, copy, or send the
    data from their own files only, unless they have some special
    authority.
 *YES
    Any user having authority to read the queue can display, copy, or
    send the data of any file on the queue.

jim franz

----- Original Message ----- 
From: <rob@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, September 23, 2004 5:21 PM
Subject: RE: [SPAM] Re: Not authorized to spooled file - CPF3492


> Authority to a spool file IS filtered through an output queue.
>
>
> Rob Berendt
> -- 
> Group Dekko Services, LLC
> Dept 01.073
> PO Box 2000
> Dock 108
> 6928N 400E
> Kendallville, IN 46755
> http://www.dekko.com
>
>
>
>
>
> Vern Hamberg <vhamberg@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 09/23/2004 04:06 PM
> Please respond to
> Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
>
>
> To
> Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
> cc
>
> Fax to
>
> Subject
> RE: [SPAM] Re: Not authorized to spooled file - CPF3492
>
>
>
>
>
>
> An outq is a list - it does not actually contain any spooled files. Those
> are a kind of abstraction - the actual "file" is part of a physical file
> member in library QSPL. AFAIK, authority to a spooled file is not filtered
>
> through the outq, so a command like DSPSPLF can be run without using
> option
> 5 on a WRKOUTQ panel.
>
> Could be wrong, however.   ;-)
> Vern
>
> At 03:43 PM 9/23/2004, you wrote:
> >If you have *splctl, but you are excluded from the library where the outq
> >is, how can you get at the splf?
> >
> >-----Original Message-----
> >From: midrange-l-bounces@xxxxxxxxxxxx
> >[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
> >Sent: Thursday, September 23, 2004 3:38 PM
> >To: Midrange Systems Technical Discussion
> >Subject: [SPAM] Re: Not authorized to spooled file - CPF3492
> >
> >just be aware *splctl is the "qsecofr" of spool files.
> >any user with splctl can view any spool file (payroll, etc).
> >jim



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.