Manage Learn to apply best practices and optimize your operations.

Upgrade the security model

I need a little help with my security model. I don't want users to have access to other OUTQ's.


User "A" is a *USER with *SPLCTL & *JOBCTL special authorities. These are necessary to run their jobs and view and print their spool files.

   User     Object Authority  

How do I get user A to not be able to view or change OUTQ B's files?

You must remove their *SPLCTL special authority. *SPLCTL is the equivalent of *ALLOBJ - only for spooled files. In other words, you cannot prevent a user that has *SPLCTL from accessing spooled files. You will need to take a look at the attributes of the outq the spooled files are going into. Depending on how the outq is created and whether or not a user has *JOBCTL will determine whether a user can see the spooled files. Take a look at either Chapter 6 in the iSeries Security Reference manual or Chapter 6 in my book, Implementing AS/400 Security, for a chart that lists the outq attributes and their effect on whether users with *JOBCTL can access the spooled files. If you find that you need to change the outq attributes, you will have to delete and then recreate the outq with the new attributes.


The Best Web Links: Tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Read this Search400 Featured Topic: Secure your iSeries

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.