I've tried everything I can think of.
EXAMPLE: A user is in CHGSPLFA and changes one of his/her spooled files to OUTQ(whatever)instead of the OUTQ the user is supposed to send it to.
I know a user can be restricted from viewing files in an OUTQ.
My question for you Carol is this.... is there a way to have the 400 stop a user from sending spooled files to certain OUTQ's?
We cannot have sensitive data being sent to the wrong OUTQ's.
Have you tried changing the authorities on the OUTQ'S themselves? Assuming that the users don't have *SPLCTL special authority, the user will have to have *READ authority to the target output queue. You need *READ authority for most spooled file operation so once you remove it, they probably won't be able to do much of anything with that OUTQ. If the user has *SPLCTL, you don't have much hope of gaining control over this problem.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400 Featured Topic: Secure your iSeries
Dig Deeper on iSeries physical security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
When error messages arise concerning attempts to use a permanent system object without authority, find the source of the issue by looking for an AF ... Continue Reading