1.  Home
  2. MIDRANGE-L
  3. February 2026

Re: Spool file security

There is also a spool file security exit point that can be customized for specific needs. I think this was IBM's response to this issue.

Rich Loeber
Kisco Systems LLC
https://www.kisco.com

________________________________


On 2/26/2026 9:35 AM, Charles Wilt wrote:

Yeah that rings some bells...
I think IBM once documented that payroll scenario..

But I think while you could prevent the operator from viewing it, you
couldn't prevent them from deleting it.

I could be wrong...

Charles

On Wed, Feb 25, 2026 at 3:38 PM Jim Franz <franz9000@xxxxxxxxx><mailto:franz9000@xxxxxxxxx> wrote:



I'm going to suggest something from decades ago (and fading memory) -
because an operator ran a weekly payroll but was not to see the spooled
files...
OVRPRTF and CRTPRTF commands allow the option to assign the *JOB user
profile (and there are other options like group profile...except no option
to a specific user) .
my guess without testing is to get the job of creating the spooled file
assigned to a different user (like sbmjob with user overridden to queue
qusrnomax), plus the ovrprtf (although if job user changed, may not need
ovrprtf)

let us know if this works for you
Jim Franz


On Wed, Feb 25, 2026 at 3:14 PM Charles Wilt <charles.wilt@xxxxxxxxx><mailto:charles.wilt@xxxxxxxxx>
wrote:



Short answer...no.



https://www.ibm.com/docs/en/i/7.6.0?topic=printing-securing-spooled-files


"When you create a spooled file, you are the owner of that file. You can
always view and manipulate any spooled files you own, regardless of how


the


authority to the output queue is defined."

Long answer, you could (maybe) restrict the DLTSPLF command access or


usage


(via a Custom Validity Checking Program)
But there may be other ways that don't use the command. There is for
example a QIBM_XD1_OPNAV_PRINTOUT function ID that probably would need to
be secured.
A quick search didn't show a DeleteSpoolFile API, but maybe I just missed
it. I expected it to be there.

Lastly, you can set up auditing, so that you can at least record the fact
that the user deleted the spool file.
Then you could hit them often enough with a big enough stick so they quit
doing it.

HTH,
Charles

On Wed, Feb 25, 2026 at 12:37 PM DEnglander--- via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>> wrote:



Does anyone know of a way to prevent a user from deleting a spool file


[in


an OUTQ], even through they created the spool file?

Thank you,

Douglas Englander
Senior Programmer/Analyst
The C. D. Hartnett Company – Corporate Offices
1-817-594-3813 ext. 1636

"CONFIDENTIALITY NOTICE: This e-mail transmission (and/or the


attachments


accompanying it) contain confidential information belonging to the


sender.


The information is intended only for the use of the intended recipient.


If


you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution or the taking of any action in


reliance


on the contents of the information is strictly prohibited. Any
unauthorized interception of this transmission is illegal under the


law.


If you have received this transmission in error, please promptly notify


the


sender by reply e-mail, and then destroy all copies of the


transmission."


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing


list


To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx> for any subscription


related


questions.




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing


list


To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx> for any subscription related
questions.




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx> for any subscription related
questions.




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.