Comments on: Outq Security

By: bvining

bvining — Sat, 06 Nov 2010 15:33:49 +0000

This may be overkill for your needs, but so others are aware (who may read this thread looking for spool file security access) 7.1 introduced a Spool File Security exit point documented here. This provides for very granular access to spooled reports on your system. Again this might be way more than you were asking for... Bruce

By: tomliotta

tomliotta — Fri, 05 Nov 2010 07:47:20 +0000

…use the DUPSPLF command in the application to create a copy with under a different User…

A DUPSPLF isn’t required. If current-user is set to some application profile when the spooled file is created, it will already belong to another user. No need to duplicate/delete.

Tom

By: batman47

batman47 — Tue, 17 Nov 2009 21:03:39 +0000

Yes, use the DUPSPLF command in the application to create a copy with under a different User and then use DLTSPLF to get rid of the orignal, and then with the proper security settings on the output queue users will only be able to read the spool files. The solved a HUGE problem for us when users would delete spool files used to print invoices.

By: teandy

teandy — Mon, 16 Nov 2009 21:57:38 +0000

As Tom said, you can not stop people from deleting their own spool files. What may be an option is to have the reports run under a special profile that you create for this purpose. That way the spool file no longer belongs to the user and they can not delete it.

I came across this while researching this question:

http://forums.systeminetwork.com/isnetforums/showthread.php?t=50185

You may want to give it a try.

By: tomliotta

tomliotta — Sun, 15 Nov 2009 12:34:51 +0000

You can’t stop users from deleting their own spooled files (even if they only have *READ authority to the *OUTQ). Especially if they have ways of viewing them through system interfaces.

If ALL access is through program control — no WRKJOB, no WRKSPLF, etc. — then as long as the program doesn’t surface a DLTSPLF command and as long as there is no network access via iNav, etc., it can be done. In that case, of course, it doesn’t matter what the authorities or attributes of the *OUTQ are.

Tom