Spool File Authority Using the iSeries Report Downloader

Evergreen Interactive’s iSeries Report Downloader uses ordinary iSeries output queue security to control user access.  That is, if a user can access an outq or a spool file’s contents from a 5250 display command line, then he/she can access them through the Downloader.  Similarly, if a user can’t see the outq or spool file contents from a 5250 command line then he/she won’t be able to access them from the Downloader.

Access to an outq is controlled by two means within iSeries security access to the outq itself and access to individual spool files within an accessible outq.

You control access to the outq by setting its *PUBLIC authority to *EXCLUDE with the Revoke Object Authority CL command:
 
RVKOBJAUT OBJ(QGPL/PAYROLL) OBJTYPE(*OUTQ) USER(*PUBLIC) AUT(*ALL)

Control access to individual spool files’ content within an outq with the Change Output Queue CL command.  For example:

CHGOUTQ OUTQ(QGPL/PAYROLL) DSPDTA(*OWNER)

This specification will only allow a spool file’s owner to access its content.

Then, only those users with explicit authority to the outq may display the spool file entries it contains.  Users with *JOBCTL authority can see the spool file entries in the outq but they may not see the contents.  The owner of the spool file and those with *SPLCTL authority may manage the spool file as well as access its content.  You can test out these features from a 5250 command line – it will work the same with the Downloader.

If you have any questions please feel free to contact me at chris@EvergreenInteractive.com or at 888 821-8218.
 

Chris Peters
Evergreen Interactive Systems