Re: Securing an output queue

[Dean.Eshleman@xxxxxxxxxxxxxx]

None of the developers have *ALLOBJ or *SPLCTL, so that isn't an issue.

Dean Eshleman,
Software Development Architect
Mennonite Mutual Aid, Inc.
Phone: (574) 533-9511 x528

On Wed, 21 Apr 2010 15:52:28 -0500, in midrange.midrange-l you wrote:

> Dean -
>
> If any of the developers have *ALLOBJ or *SPLCTL special authorities,
> then you won't be able to secure them from it without removing those 
special 
> authorities.
>
> - sjl
>
>
> Dean wrote:
>
>  I'm trying to secure a production output queue to keep developers from
>  putting spool files in it and I'm struggling with how to do that.  Here
>  are the current settings on the output queue:
>
>  Display any file *NO
>  Operator controlled *YES
>  Authority to check *OWNER
>
>  Object authority on the queue is as follows:
>
>  *PUBLIC                                   *USE
>  *GROUP      MYGROUP      *ALL
>  QSPL                                         *CHANGE
>  QSYSOPR                              *ALL
>
>  I have read the help regarding these parameters and I'm not sure what 
to
>  change.  I'm thinking that I change Authority to check to *DTAAUT and 
then
>  add object authority for the various developer groups and set them to
>  *USE.  I would probably need to change *PUBLIC to *CHANGE so that they 
can
>  add spool files to the queue.  Is this the correct approach?