|
By default, users can only view or manipulate the spooled files that they have created. Whether someone can view or manage someone else's spooled file depends on two things -– whether the user has *SPLCTL and the security-relevant attributes of the OUTQ in which the spooled file resides.
If the user has *SPLCTL, you cannot prevent them from printing or viewing any spooled file. You should think of *SPLCTL as the "*ALLOBJ" of spooled files.
Next, you need to look at the settings of the Display data (DSPDTA), Operator Control (OPRCTL) and the Authority to Check (AUTCHK) attributes of the outq. Chapter 6 of the iSeries Security Reference manual (available from the Information Center), as well as Chapter 9 in my book, Experts' Guide to OS/400 and i5/OS Security) provide charts explaining how these parameters work together as well as what happens if the user has *JOBCTL special authority. ==================================
MORE INFORMATION ON THIS TOPIC
==================================
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
Visit the ITKnowledge Exchange and get answers to your security questions fast.
|
