FWIW.... In the Carol Woodbury & Pat Botz security book, there is a
program by Paul Tuohy that examines your system and gives good detailed
output of what users can/can't do to various outq's. I haven't had a
chance to try it yet but I'm hoping it will give some good insight on
our spool control.

crp@xxxxxxxxxxxxxxxxxxxx 03/26/2008 4:41:52 PM >>>
I do not think you want *DTAAUT; perhaps AUTCHK(*OWNER).?
Authority to check (AUTCHK) - Help
Any user with add, read, and delete
authority to the output queue can
control all spooled files on the queue.

AFaIK the DLTSPLF does not care about in which OUTQ the spool file
resides if it is the owner of the spool file requesting the delete; i.e.

the user that owns the spool can always delete? Pg434 v5r4: Note 1 in
the Security Reference for "Spool Commands", DLTSPLF, "Users are always
authorized to control their own spooled files."

If the spool file is created to an alternate owner [see SPLFOWN() in
OVRPRTF for example], then the user would not be able to modify\delete
the spool given the OUTQ has OPRCTL(*NO) and/or the user has no special
authorities to control job\spool... where controls are limited to the
*OWNER of the queue and/or file.

Regards, Chuck

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].