When I run with UserID %%SERVER%% (my original setting), no one can
access any of the spool file info which the WRKCGISPLF loads up.

That means that the server's userid (typically QTMHHTP1) doesn't have *JOBCTL authority.

When I run with UserID %%CLIENT%%, anyone can access any of the spool
files which come up.  A general user ID can get the QSECOFR spool files
to display.

Maybe your general user ID has *JOBCTL authority? Can that user access the spooled files from a normal signon screen? If so, UserID %%CLIENT%% is behaving as designed.

UserID %%CLIENT%% just tells it to run CGI programs with the userid that was passed in via basic or digest authentication from the browser. That means that your CGI program should have the exact same authorities as the user whose name/pass was keyed into the browser.

I know that our users with *JOBCTL have access to view QSECOFR (or anyone else's) spooled files, even if they don't have *ALLOBJ or any other special authority level. I suspect yours are the same.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.