Problem solve Get help with specific problems with your technologies, process and projects.

How can I secure my printers?

We are a fairly large shop, and have remote users that have their own printers. The other day, somebody printed a very sensitive report to another location. What can I do to secure our printers? I have looked high and low all over the Web and can't find anything that works. Can you give me something specific that will work?
By default, users can only view or manipulate the spooled files that they have created. Whether someone can view or manage someone else's spooled file depends on two things -– whether the user has *SPLCTL and the security-relevant attributes of the OUTQ in which the spooled file resides.

If the user has *SPLCTL, you cannot prevent them from printing or viewing any spooled file. You should think of *SPLCTL as the "*ALLOBJ" of spooled files. Next, you need to look at the settings of the Display data (DSPDTA), Operator Control (OPRCTL) and the Authority to Check (AUTCHK) attributes of the outq. Chapter 6 of the iSeries Security Reference manual (available from the Information Center), as well as Chapter 9 in my book, Experts' Guide to OS/400 and i5/OS Security) provide charts explaining how these parameters work together as well as what happens if the user has *JOBCTL special authority.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

Dig Deeper on Printing on iSeries

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.