Re: Securing an output queue -- MIDRANGE-L

http://faq.midrange.com/data/cache/47.html

Jim Oberholtzer
CEO/Chief Technical Architect
Agile Technology Architects, LLC

On 4/21/2010 7:32 PM, John Earl wrote:

*This message was transferred with a trial version of CommuniGate(r) Pro*
Jim,

Likely. Where can I find the FAQ's for formatting guidance?

jte

On Apr 21, 2010, at 2:39 PM, Jim Oberholtzer wrote:

Hey John,

Any chance you can turn that into an FAQ for the midrange wiki?

Jim Oberholtzer
CEO/Chief Technical Architect
Agile Technology Architects, LLC

On 4/21/2010 4:18 PM, John Earl wrote:

*This message was transferred with a trial version of
CommuniGate(r) Pro*
If the developers have either *JOBCTL or *SPLCTL, and the
OPRCTL(*YES)
parameter is specified on the OUTQ, the developers will be able to
use
and work with the OUTQ. One way to correct this is to turn the
OPRCTL
parameter on the OUTQ to *NO.

Assuming programmers have *JOBCTL, here is what I would do....

1) Make the OUTQ *OPRCTL(*NO)
2) Create a Group Profile for all developers
3) Add the Group Profile to the OUTQ with an authority of *EXCLUDE
4) Give the authorized user Group(s) *CHANGE (authorized users could
be *PUBLIC now that the programmers are excluded.)
5) If there are any *JOBCTL or *SPLCTL users (SysOpers?) who you want
to be able to manage the OUTQ, give them *CHANGE authority as well.

HTH,

jte

On Apr 21, 2010, at 1:40 PM, Dean.Eshleman@xxxxxxxxxxxxxx wrote:

Hi,

I'm trying to secure a production output queue to keep developers
from
putting spool files in it and I'm struggling with how to do that.
Here
are the current settings on the output queue:

Display any file *NO
Operator controlled *YES
Authority to check *OWNER

Object authority on the queue is as follows:

*PUBLIC *USE
*GROUP MYGROUP *ALL
QSPL *CHANGE
QSYSOPR *ALL

I have read the help regarding these parameters and I'm not sure
what to
change. I'm thinking that I change Authority to check to *DTAAUT
and then
add object authority for the various developer groups and set them
to
*USE. I would probably need to change *PUBLIC to *CHANGE so that
they can
add spool files to the queue. Is this the correct approach?

TIA

Dean Eshleman,
Software Development Architect
Mennonite Mutual Aid, Inc.
Phone: (574) 533-9511 x528

______________________________________________________________________
Confidentiality Notice: This information is intended only for the
individual or entity named. If you are not the intended recipient,
do not use or disclose this information. If you received this e-
mail in error, please delete or otherwise destroy it and contact us
at (800) 348-7468 so we can take steps to avoid such transmissions
errors in the future. Thank you.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
John Earl
President and CEO
Patrick Townsend Security Solutions
"The Encryption Company"

Olympia, WA | www.patownsend.com
Office: 360-357-8971 Ext 118

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
John Earl
President and CEO
Patrick Townsend Security Solutions
"The Encryption Company"

Olympia, WA | www.patownsend.com
Office: 360-357-8971 Ext 118