|
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Thursday, March 27, 2008 8:26 AM
To: Midrange Systems Technical Discussion
Subject: Re: Giving users "deposit" access to an output queue.
I was really hoping to not have to change all programs that use SBMFAX to
change the overrides on the spool file.
Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
CRPence <crp@xxxxxxxxxxxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
03/26/2008 08:43 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
To
midrange-l@xxxxxxxxxxxx
cc
Subject
Re: Giving users "deposit" access to an output queue.
I do not think you want *DTAAUT; perhaps AUTCHK(*OWNER).?
?CHGOUTQ
Authority to check (AUTCHK) - Help
*DTAAUT
Any user with add, read, and delete
authority to the output queue can
control all spooled files on the queue.
AFaIK the DLTSPLF does not care about in which OUTQ the spool file
resides if it is the owner of the spool file requesting the delete; i.e.
the user that owns the spool can always delete? Pg434 v5r4: Note 1 in
the Security Reference for "Spool Commands", DLTSPLF, "Users are always
authorized to control their own spooled files."
If the spool file is created to an alternate owner [see SPLFOWN() in
OVRPRTF for example], then the user would not be able to modify\delete
the spool given the OUTQ has OPRCTL(*NO) and/or the user has no special
authorities to control job\spool... where controls are limited to the
*OWNER of the queue and/or file.
Regards, Chuck
--
All comments provided "as is" with no warranties of any kind
whatsoever and may not represent positions, strategies, nor views of my
employer
rob@xxxxxxxxx wrote:
I want users to be able to put any spool file into a particular
output queue. However, once it is there, they cannot delete it, etc.
They're interfering with FAX/400.
I tried creating the output queue with AUTCHK(*DTAAUT) and making
*PUBLIC *USE however they could still delete the spool file. If I
make it *EXCLUDE they cannot deposit. So I left it *EXCLUDE and
they could do a SBMFAX and that process (running under a different
profile) would then put it into that output queue. However, they
could still delete the spool file while it was in that output queue.
I have "Display any file" set to *NO.
With this authority they cannot display or delete other spool files
on that output queue, however they can still abuse their own and I'd
like to stop that.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
