Justin, 

Granting a user *SPLCTL does for spooled files what *ALLOBJ does for 
object authority.  You won't be able to restrict their access to any 
spooled file on any output queue. However, you can accomplish the access 
control you're looking for. 

Try setting Authority to check to *DTAAUT and display any file to *NO. 
Then use object authority (perhaps at the group level) to the output 
queue.  *EXCLUDE is no access, *USE allows the user to see and work with 
their own files, and *CHANGE allows the user to manage all the files on 
the queue. 

Setting the OPRCTL parameter to *YES allows a user with *JOBCTL special 
authority to manage the queue even if they don't have authority to 
display/copy/send the files.  Spooled file security on the i-Series is 
very flexible.  Try the settings above and experiment.  Good luck. 

Regards, 

Mark Knoppel, CISSP
Global IT Security Audit Manager, Visteon account
IBM Global Services
6151 Lakeside Dr. Suite 1100, Reno, NV 89511 
Phone/Fax: 916-641-4490 T/L 577-4490

Internet mail: knoppel@xxxxxxxxxx 



Justin Batten <JBatten@xxxxxxxxxxxxxxxxxxxxxx> 
Sent by: security400-bounces@xxxxxxxxxxxx
05/27/2004 01:34 PM
Please respond to: Security Administration on the AS400 / iSeries 
To: "Security400 (E-mail)" <security400@xxxxxxxxxxxx>
cc:
Subject: [Security400] Secure OUTQ by user/group

Hello All,

I'm looking for a way to secure spool files in an OUTQ.  I have somewhat
achieved this by setting Auth to chk = *OWNER, oper ctrld = *NO, and
disply any file = *OWNER on the OUTQ and then giving *SPLCTL spec auth to
the users who need to have access to it.  However, I need to be able to
set up multiple OUTQs with different permissions for each.  I don't want
all users with *SPLCTL to be able to see ALL secured spool files.  I would
like to be able to say group A can access OUTQ1, group B can access OUTQ2,
and so on.  Any ideas?

Thanks.

Justin Batten
Computer Programmer
Craighead Electric Cooperative Corporation
Jonesboro, AR
(870) 932-8301  ext. 1050
JBatten@xxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400) mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.
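
The settings suggested in the reply above, written out as CL for the two queues in the question (an added example, not from either poster). The library SPLSEC and the group profiles GRPA and GRPB are assumed names, and the member profiles are assumed not to hold *SPLCTL.

```cl
PGM
/* Assumed names: library SPLSEC, group profiles GRPA and GRPB.       */
/* Member profiles are assumed not to hold *SPLCTL special authority, */
/* which would bypass everything set here.                            */

/* Check data authority to the queue instead of spooled file          */
/* ownership. OPRCTL(*NO) stops *JOBCTL users from managing the       */
/* queue without authority to it.                                     */
CHGOUTQ    OUTQ(SPLSEC/OUTQ1) DSPDTA(*NO) OPRCTL(*NO) AUTCHK(*DTAAUT)
CHGOUTQ    OUTQ(SPLSEC/OUTQ2) DSPDTA(*NO) OPRCTL(*NO) AUTCHK(*DTAAUT)

/* Close both queues to everyone who is not granted access below.     */
GRTOBJAUT  OBJ(SPLSEC/OUTQ1) OBJTYPE(*OUTQ) USER(*PUBLIC) AUT(*EXCLUDE)
GRTOBJAUT  OBJ(SPLSEC/OUTQ2) OBJTYPE(*OUTQ) USER(*PUBLIC) AUT(*EXCLUDE)

/* Group A manages OUTQ1 only, group B manages OUTQ2 only.            */
/* Per the reply, *CHANGE covers all files on the queue; *USE would   */
/* limit members to their own files.                                  */
GRTOBJAUT  OBJ(SPLSEC/OUTQ1) OBJTYPE(*OUTQ) USER(GRPA) AUT(*CHANGE)
GRTOBJAUT  OBJ(SPLSEC/OUTQ2) OBJTYPE(*OUTQ) USER(GRPB) AUT(*CHANGE)

/* Print the resulting authorities so the setup can be reviewed.      */
DSPOBJAUT  OBJ(SPLSEC/OUTQ1) OBJTYPE(*OUTQ) OUTPUT(*PRINT)
DSPOBJAUT  OBJ(SPLSEC/OUTQ2) OBJTYPE(*OUTQ) OUTPUT(*PRINT)
ENDPGM
```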


