Dan we overcame this for our programming staff by writing our own "DSPJOB" command. All you nned to do is to have a cl program that accepts the fully qualified job name and executes the DSPJOB JOB(123456/user/job) OPTION (*JOBLOG) command. The CL program needs to adopt the autority needed. ------------------------- Bryan Dietz 3X Corporation "Bale, Dan" <D.Bale@handleman.co To: <firstname.lastname@example.org> m> cc: Sent by: Subject: RE: [Security400] DSPJOBLOG needs *JOBCTL authority? security400-admin@mi drange.com 09/26/2001 11:42 AM Please respond to security400 This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] "fundle"? Uh, Anton, your translator garbled something there. <g> You know what, though, I think I like that word. "Don't fundle around with that!" Anyway, I concur with what you said about "fiddling" with IBM objects. Normally I would simply take the approach you suggested, creating a separate program with parms to call the DSPJOBLOG command with *OWNER adopted authority yada yada. The problem with that scenario is that the user was attempting to view the job log of an active job using option 10 from the "Work with Job" menu. AFAIK, my only hope is to create my own DSPJOBLOG command that appears higher in the library list than the one in QSYS. This command's CPP would do the things you suggested and I presume this would work as a solution. This assumes that option 10 does not qualify the DSPJOBLOG command (and how would one determine that?) But what a mess! Now I have to create a new library that has to be put above QSYS in the system library list by changing the QSYSLIBL system value. Our QA & Security Audit teams will have a fun time with that. Dan Bale IT - AS/400 Handleman Company 248-362-4400 Ext. 4952 D.Bale@Handleman.com > -----Original Message----- > From: Anton Gombkötö [SMTP:email@example.com] > Sent: Wednesday, September 26, 2001 11:20 AM > To: firstname.lastname@example.org > Subject: Re: [Security400] DSPJOBLOG needs *JOBCTL authority? > > Dan, > > I wouldn't fundle around with IBM's commands or command processing > programs. > PTF's could remove your changes easily to mention just one reason. > > I'd create a little program with the DSPJOBLOG with the desired parms > in it > and change this program to use *OWNER rights. And make a powerful > enough > user the owner of it. If you want, you can then set the access rights > to > this program to allow only your "system operator-type users" to use > it. > > > > Mit freundlichen Grüssen / best regards > > Anton Gombkötö > > Avenum Technologie GmbH > Wien - Mattsee - Stuttgart > e-mail Office : mailto:Anton.Gombkoetoe@avenum.com > Homepage : http://www.avenum.com > _______________________________________________ This is the Security Administration on the AS400 / iSeries (Security400) mailing list To post a message email: Security400@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/security400 or email: Security400email@example.com Before posting, please take a moment to review the archives at http://archive.midrange.com/security400.