My 400 shop is at security level 30. I would like to change my operators profile to include *iosyscfg, *jobctl, *savsys, and *secadm. I want my operators to be able to look at joblogs. Shouldn't *jobctl give them this ability? I am still running into "not authorized to view" errors.
Users can see and work with spooled files based on how the output queue was created as well as whether they have *JOBCTL or *SPLCTL special authority. *SPLCTL is the equivalent of *ALLOBJ only for spooled files. They can work with all spooled files on the system -- not usually the scope most organizations want to give their operators. To understand how *JOBCTL works with the outq attributes, check out the iSeries Security Reference manual, Chapter 6 or my book Implementing AS/400 Security - Chapter 6. Both books have a table that explains the settings. Use the OS/400 command Print Queue Authority (PRTQAUT) command to list the outqs and their security attributes.
One last thing. Do you realize the power you are giving your Operators? If you do and it's the business decision that you are making, that's fine. Giving Operators *IOSYSCFG gives them the capability to configure all aspects of communications, including changing the configuration of TCP/IP servers, etc. Giving them *SECADM gives them the capability to create user profiles and then manage those profiles.
Dig Deeper on iSeries physical security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
On AS/400, the journal type AF subtype K, shows that a user profile lacks the special authority required by the function attempting to run. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.