User "A" is a *USER with *SPLCTL & *JOBCTL special authorities. These are necessary to run their jobs and view and print their spool files.
User Object Authority OUTQ B has. *PUBLIC *EXCLUDE
How do I get user A to not be able to view or change OUTQ B's files?
You must remove their *SPLCTL special authority. *SPLCTL is the equivalent of *ALLOBJ - only for spooled files. In other words, you cannot prevent a user that has *SPLCTL from accessing spooled files. You will need to take a look at the attributes of the outq the spooled files are going into. Depending on how the outq is created and whether or not a user has *JOBCTL will determine whether a user can see the spooled files. Take a look at either Chapter 6 in the iSeries Security Reference manual or Chapter 6 in my book, Implementing AS/400 Security, for a chart that lists the outq attributes and their effect on whether users with *JOBCTL can access the spooled files. If you find that you need to change the outq attributes, you will have to delete and then recreate the outq with the new attributes.
================================== MORE INFORMATION ON THIS TOPIC ==================================
The Best Web Links: Tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400 Featured Topic: Secure your iSeries
This was first published in August 2002