Troubleshooting
Problem
This document provides information about securing an output queue so that only some users can view it, move or print spooled files, and so on.
Resolving The Problem
How do I secure an output queue so that only some users can view it, move or print spooled files, and so on?
Answer:
An output can be designated so that some users may not use it at all, some users may view or change only their own spooled files, that is, spooled files they created, and some users may view or change anything in the output queue.
In the following example, assume that the name of the output queue being secured is MYOUTQ.
Add users with authorities as specified above; for example, *CHANGE means the user has all authority to all spooled files in the output queue, *USE means the user has authority only to spooled files he/she created, and so on.
Answer:
An output can be designated so that some users may not use it at all, some users may view or change only their own spooled files, that is, spooled files they created, and some users may view or change anything in the output queue.
| Caution: Any user with *SPLCTL or *ALLOBJ special authority in the user profile can view any spooled file on the system regardless of any other measures taken to secure the output queue. |
In the following example, assume that the name of the output queue being secured is MYOUTQ.
| 1. | On the operating system command line, type the following: CHGOUTQ OUTQ(MYOUTQ) DSPDTA(*NO) OPRCTL(*NO) AUTCHK(*DTAAUT) Press the Enter key. Note: If you prefer to use CHGOUTQ and prompt with F4, then: DSPDTA is Display any file. OPRCTL is Operator controlled. AUTCHK is Authority to check. *DTAAUT means that authority to spooled files in the output queue is determined by authority to the output queue object itself. |
| 2. | On the operating system command line, type the following: WRKOBJ MYOUTQ Press the Enter key. You will see something similar to the following: Opt Object Type Library Attribute Text __ MYOUTQ *DEVD QSYS PRTLCL __ MYOUTQ *OUTQ QUSRSYS __ MYOUTQ *MSGQ QGPL Type 2 next to the object of type *OUTQ to edit authority. You will see something similar to the following: Object User Group Authority LUCY *CHANGE QSPL *CHANGE SAM *USE *PUBLIC *EXCLUDE Users with authority of *CHANGE, such as Lucy, can view, print, change, delete, and so on, any item in the output queue, regardless of whether they created it themselves. Users with authority of *USE, such as Sam, can view, print, change, delete, and so on, only items in the output queue that they created themselves. Users with authority of *EXCLUDE, such as *PUBLIC, cannot view, print, change, delete, and so on, anything on the output queue. They cannot create anything on the output queue and cannot move anything into the output queue. Any user not specifically designated (that is, any user who has no private authority) fall under the authority of *PUBLIC. Since the majority of users are normally kept out of a sensitive output queue, the authority for *PUBLIC is usually *EXCLUDE on a secured output queue. To add additional users to the list of those with authority to the output queue, press F6. You will see something similar to the following: Object User Authority _______________ ______________ |
Add users with authorities as specified above; for example, *CHANGE means the user has all authority to all spooled files in the output queue, *USE means the user has authority only to spooled files he/she created, and so on.
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"6.1.0"}]
Historical Number
8001115
Was this topic helpful?
Document Information
Modified date:
16 September 2020
UID
nas8N1010254