security outq’s
Looking for some help.
is is possible to secure selected users from being able to look at specific outqs
Software/Hardware used:
iseries model 525
is is possible to secure selected users from being able to look at specific outqs
Software/Hardware used:
iseries model 525
ASKED:
April 13, 2010 1:54 PM
UPDATED:
April 14, 2010 8:46 PM
Answer Wiki:
use edtobjaut to restrict obj type *outq for users or users group
To see all answers submitted to the Answer Wiki: View Answer History.
Outq’s can be secured via authorization lists (use groups when possible) with public *exclude. You will also want to check the settings on the outq itself: (5 to display/F21/F13) DSPDTA *YES OPRCTL *NO AUTCHK *DTAAUT. You also want to limit *SPLCTL for all non administrator users.
this is the screen i get when i enter the editobjaut
Object . . . . . . . . . . . . . Name
Library . . . . . . . . . . . *LIBL Name, *LIBL, *CURLIB
Object type . . . . . . . . . . *ALRTBL, *AUTL, *BNDDIR…
ASP device . . . . . . . . . . . * Name, *, *SYSBAS
Output . . . . . . . . . . . . . * *, *PRINT, *OUTFILE
all the users that i want to restrict start with PU. what do i enter in the object field.
i see where you can put *outq in the object type
what do i enter in the object field.
Put the name of the output queue in the object field; also put the output queue library name in the object library field.
For example, by default joblogs go to output queue QEZJOBLOG in library QUSRSYS. QEZJOBLOG would be the object name, and QUSRSYS would be the object library name.
You also want to limit *SPLCTL for all non administrator users.
And that comment from Abigail is on the mark. If users have *SPLCTL, that special authority can trump all other authorities. (That’s why it’s “special”.)
Tom