|
midrange.com
Mihael Knezevic wrote on 05/12/2005 03:24:55 AM:
> i got a little problem understanding the keyword AUTCHK of an outqueue.
>
> my understanding is that if i put *DTAAUT in AUTCHK then the user with
the
> *R(ead) data authority can read any spool from any user in that specific
> outqueue.
>
> i checked the data authority on the outqueue with:
>
> DSPAUT OBJ('/QSYS.LIB/QGPL.LIB/TESTOUTQ.OUTQ')
>
> and got:
>
> <snip>
> TESTMK *RX
> </snip>
>
> so the user TESTMK has the data authority read and execute. should be
enough
> for reading a spool file, or not?
>
> but the user can't read a spool file that is not his own in that
> outqueue. can
> anybody explain this to me?
>From Appendix D of the Security Reference manual, my understanding is that
when DSPDTA is *NO and AUTCHK is *DTAAUT then a user without *SPLCTL
special authority will need *READ, plus *ADD plus *DLT authority to the
output queue to display some other users spooled files. There are other
ways they can be authorized to display the spooled files such as when
OPRCTL is *YES and they have *JOBCTL special authority, or when DSPDTA is
*YES and they have *READ authority to the output queue, or when AUTCHK is
*OWNER and they are the owner of the output queue.
Ed Fishel,
edfishel@xxxxxxxxxx
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
