|
At 10:35 AM 1/20/98 -0500, you wrote: >My operator recently had the following problem: > >A user deleted our water & sewer bills in an attempt to get rid of one of their print jobs. Is there a way to allow user to be "empowered" yet protect our important jobs? > I havn't found a way to give users authority to control printers and yet not enough authority to delete spool files. The problem is that once a printer prints a file, the file is deleted from the outq. This implies that anyone who can print a file has the ability to delete it. Additionally, one of the rules of spool files is that a user that creates a spool file will always have authority to delete that spool file. This is true even if the spool file is put into an outq to which the user has *EXCLUDE authority (They can use commands like WRKJOB and WRKSPLF to hammer it). Ownership of a spool file confers *ALL authority to that file. The only ways I've found to prevent inadvertant deletes are A) Duplicate the spool file into a safe place either through the use of the DTAQ support and SNDNETSPLF, or through some utility that copies the spool file to a database file such as the TAATOOL DSPSPLCTL. In order for the spool file to be safe you must perfrom the duplication with a "production profile" (as opposed to some user's profile) and the 'to' out queue must be secured against public access. OR B) Write a validity checker program for the DLTSPLF command that specifies that only user X can delete spoolfile Y. Or only user X can delete spool files from outq Z. However, this merely inhibits well intentioned users because it does not prevent other deleting acvtivities such as CLROUTQ, etc. hth, jte -- John Earl Lighthouse Software Inc. 8514 71st NW Gig Harbor, WA 98335 253-858-7388 johnearl@lns400.com Without Lighthouse Network Security/400, your AS/400 is wide open. +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to "MIDRANGE-L@midrange.com". | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
