I need a little help with my security model. I don't want users to have access to other OUTQ's.
User "A" is a *USER with *SPLCTL & *JOBCTL special authorities. These are necessary to run their jobs and view and print their spool files.
User Object Authority OUTQ B has. *PUBLIC *EXCLUDE
How do I get user A to not be able to view or change OUTQ B's files?
You must remove their *SPLCTL special authority. *SPLCTL is the equivalent of *ALLOBJ - only for spooled files. In other words, you cannot prevent a user that has *SPLCTL from accessing spooled files. You will need to take a look at the attributes of the outq the spooled files are going into. Depending on how the outq is created and whether or not a user has *JOBCTL will determine whether a user can see the spooled files. Take a look at either Chapter 6 in the iSeries Security Reference manual or Chapter 6 in my book, Implementing AS/400 Security, for a chart that lists the outq attributes and their effect on whether users with *JOBCTL can access the spooled files. If you find that you need to change the outq attributes, you will have to delete and then recreate the outq with the new attributes.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400 Featured Topic: Secure your iSeries
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
On AS/400, the journal type AF subtype K, shows that a user profile lacks the special authority required by the function attempting to run. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.