Job queue security

You can maintain a level of security with your job queue by authorizing only certain persons (user profiles) to that job queue. In general, there are three ways that a user can become authorized to control a job queue (for example, hold or release the job queue).

• User is assigned spool control authority (SPCAUT(*SPLCTL)) in the user profile.
• User is assigned job control authority (SPCAUT(*JOBCTL)) in the user profile and the job queue can be controlled by the operator (OPRCTL(*YES)).
• User has the required object authority to the job queue. The required object authority is specified by the AUTCHK parameter on the CRTJOBQ command. A value of *OWNER indicates that only the owner of the job queue is authorized via the object authority for the job queue. A value of *DTAAUT indicates that users with *CHANGE authority for the job queue are authorized to control the job queue.
  Note: The specific authority required for *DTAAUT are *READ, *ADD, and *DLT data authority.

These three methods of authorization apply only to the job queue, not to the jobs on the job queue. The normal authority rules for controlling jobs apply whether the job is on a job queue or whether it is currently running.