Tweet
Dave Tomlin originally submitted this post on 2/7. I am hoping that there may be some new ideas on this topic, though. I am running V4R4. We have an outq that is owned by QSECOFR and has the DSPDTA attribute set to *NO. The outq is authorized to specific users, but is *EXCLUDED to *PUBLIC. When I sign on with an unauthorized user, no *SPLCTL or *ALLOBJ, I am able to access and manipulate all of the files on this "secure" outq. The only commonality between the authorized and unauthorized users is that they share the same group profile. Any thoughts? Anyone? Anyone? John Panzenhagen P.S. David, if you are still on this forum, how did you resolve this?
-
-
OUTQ Security
John, I have seen the posting by Dave and the responses. He skipped out some important details and left everyone hanging. Could you run WRKOUTQD and post it here? -
OUTQ Security
The following is the outq description.Work with Output Queue Description Page 1 5769SS1 V4R4M0 990521 S10A3506 09/26/00 10:15:15 Queue: PAYROLL Library: HRCUST Status: Writer active . . . . . . . . . . . : N Writer name(s) if active . . . . . . : Output queue held . . . . . . . . . : N Maximum spooled file size: Number of pages . . . . . . . . . . : *NONE Starting time . . . . . . . . . . . : Ending time . . . . . . . . . . . . : Writers to autostart . . . . . . . . . : *NONE Display any file . . . . . . . . . . . : *OWNER Job separators . . . . . . . . . . . . : 0 Operator controlled . . . . . . . . . : *YES Order of files on queue . . . . . . . : *FIFO Data queue . . . . . . . . . . . . . . : *NONE Library . . . . . . . . . . . . . . : Authority to check . . . . . . . . . . : *OWNER Remote system . . . . . . . . . . . . : *NONE Remote printer queue . . . . . . . . . : Queue for writer messages . . . . . . : Library . . . . . . . . . . . . . . : Connection type . . . . . . . . . . . : Internet address . . . . . . . . . . . : Destination type . . . . . . . . . . . : VM/MVS class . . . . . . . . . . . . . : FCB . . . . . . . . . . . . . . . . . : Host print transform . . . . . . . . . : User data transform . . . . . . . . . : Library . . . . . . . . . . . . . . : Manufacturer type and model . . . . . : Workstation customizing object . . . . : Library . . . . . . . . . . . . . . : Image configuration . . . . . . . . . : *NONE Destination options . . . . . . . . . : Print separator page . . . . . . . . . : User defined option . . . . . . . . . : *NONE User defined object: Object . . . . . . . . . . . . . . . : *NONE Library . . . . . . . . . . . . . : Object type . . . . . . . . . . . . : User driver program . . . . . . . . . : *NONE Library . . . . . . . . . . . . . . : Spooled file ASP . . . . . . . . . . . : *SYSTEM Text description . . . . . . . . . . . : Output Queue
Comment
-
OUTQ Security
You have the OPRCTL parameter set to *YES. That means that any user who has *JOBCTL special authority will be able to work with entries on this queue. Is this your problem? Do the users in question have *JOBCTL special authority (either directly or through their group profile)? jte MC Security EditorComment
-
OUTQ Security
Unless you specifically *EXCLUDE the individual users, they are authorized by the group profile to the outq.Comment
Comment