Manage Learn to apply best practices and optimize your operations.

Accessing others' spooled files in a secure environment

Learn how to use the 'Authority to Check' parameter to allow other user's to display, change, and delete spooled files.

Our iSeries environment does not allow users to manipulate other users' spooled files. However, for one application, we needed such a capability. Using the 'Authority to Check' parameter will allow other user's to display, change, and delete spooled files... ...even belonging to QSECOFR.

We have a background job that creates labels in spooled files from EDI that needs to be directed toward an actual printer at a later time/date. We couldn't be sure which user would be responsible on the given day for getting the labels printed. So, we needed all users to have access to the labels printed from a job with the user profile of QSECOFR.

We created an output queue LABEDI that with the Authority to Check parameter set to *DTAAUT:

CRTOUTQ OUTQ(QUSRSYS/LABEDI) AUTCHK(*DTAAUT)

For this to work, the *PUBLIC authority to the output queue must have pretty much full authority to the output queue. Use your WRKOBJ command to set the authority and any Joe Blow can redirect the print-outs.

Here's the help text from the AUTCHK parameter on the CRTOUTQ command:

"Any user with add, read, and delete authority to the output queue can control all spooled files on the queue."

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: Tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Read this Search400 Featured Topic: Secure your iSeries


Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close