IBM Support

Restricting Users to the QSYSOPR Message Queue

Question & Answer


Question

Is there a way to prevent users from displaying QSYSOPR and replying to messages?

Answer

Responding to messages requires *USE and *ADD authorities to the message queue. Removing messages requires *USE and *DLT authorities. Give the authority to respond to and remove messages in QSYSOPR only to users with system operator responsibility. Public authority to QSYSOPR should be *OBJOPR and *ADD, which allows adding new messages to QSYSOPR.

Use the EDTOBJAUT command as follows:

1. Type EDTOBJAUT QSYSOPR *MSGQ and press Enter.
2. Press F11 to display detailed object authority information.
3. Give the public *OBJOPR authority, as shown on the sample display, and press Enter:

                            Edit Object Authority

Object . . . . . . . :  QSYSOPR  Owner  . . . . . . . : QSYS
 Library  . . . . . :  QSYS     Primary group  . . . : *NONE
Object type  . . . . :  *MSGQ

Type changes to current authorities, press Enter.

Object secured by authorization list  . . . . . . . . . *NONE

                  Object     ----------Object-----------
User      Group   Authority  Opr  Mgt  Exist  Alter  Ref
*PUBLIC           USER DEF    X


4. The system changes the Object Authority column to USER DEF (User defined).
5. Press F11 again to display detailed data authority information.
6. Give the public *ADD authority, as shown on the sample display, and press Enter.
 
                           Edit Object Authority

Object . . . . . . . :  QSYSOPR  Owner  . . . . . . . : QSYS
 Library  . . . . . :  QSYS     Primary group  . . . : *NONE
Object type  . . . . :  *MSGQ

Type changes to current authorities, press Enter.

Object secured by authorization list  . . . . . . . . . *NONE

                Object     ---------------Data---------------
User     Group  Authority  Read  Add  Update  Delete  Execute
*PUBLIC         USER DEF          X

7. Use F6 (Add Users) to add users who need to respond to QSYSOPR messages. Give them *CHANGE authority.

Important Note: Do not make the public authority *EXCLUDE. All jobs (and users) must be able to add messages to the QSYSOPR message queue.
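
The same change in command form, as an added example that is not part of the IBM document. It assumes the operator's user profile name is passed in as &OPER (a hypothetical parameter), and it uses REPLACE(*YES) so that an existing, broader *PUBLIC entry is overwritten rather than added to.

```cl
/* Added example, not from the IBM document.                      */
/* &OPER: operator profile supplied by the caller (assumption).   */
PGM        PARM(&OPER)
  DCL        VAR(&OPER) TYPE(*CHAR) LEN(10)

  /* Steps 1-6: public gets *OBJOPR and *ADD only. REPLACE(*YES)  */
  /* overwrites the existing entry; the default REPLACE(*NO)      */
  /* would only add to whatever *PUBLIC already holds.            */
  GRTOBJAUT  OBJ(QSYS/QSYSOPR) OBJTYPE(*MSGQ) USER(*PUBLIC) +
               AUT(*OBJOPR *ADD) REPLACE(*YES)

  /* Step 7: operators who must reply to messages get *CHANGE.    */
  GRTOBJAUT  OBJ(QSYS/QSYSOPR) OBJTYPE(*MSGQ) USER(&OPER) +
               AUT(*CHANGE) REPLACE(*YES)

  /* Print the resulting authorities for review.                  */
  DSPOBJAUT  OBJ(QSYS/QSYSOPR) OBJTYPE(*MSGQ) OUTPUT(*PRINT)
ENDPGM
```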


Document Information

Modified date:
18 December 2019

UID

nas8N1020399