Manage Learn to apply best practices and optimize your operations.

Allow specific users to read the joblog

I would like my computer operators with *SYSOPR authority to have the ability to view job logs when problems arise, but I do not want to give them *SECOFR or all object authority. Is there an easy way to accomplish this?
One of my favorite enhancements of V5R3 is in Application Administration, which is one of the tasks that is listed when you click on the system name in iSeries Navigator. It lets you control all types of functions and in V5R3 has been enhanced significantly. One of the things it lets you do is to allow specific users with *JOBCTL special authority to be able to read the joblog of an *ALLOBJ user. To do that, open iSeries Navigator, right-click on the system name, choose Application Administration (at this point it may need to download code to your PC if you've never done this before) then click on the Host Applications tab, open the Operating System/400 tree, open the All object tree click on Access job log of *ALLOBJ user and click the "Customize" button in the lower right hand corner. Here you can choose the users you want to see the *ALLOBJ user joblogs. Cool, huh?

If you don't have V5R3 or are not planning to upgrade soon, I suggest that you write a version of the DSPJOBLOG command whose command processing program is owned by and adopts the authority of a user with *ALLOBJ.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.