We all hear that we need to better protect our “sensitive” data. We hear the words sensitive data and immediately turn our attention to our DB2 tables or data physical files. We may make the intense effort required to secure our files and even encrypt the data as it sits in the files.
But when we talk about sensitive data, we often forget that sensitive data is used as the input for our sensitive reports!
Do we secure our output queues and spooled file reports? Naaaa… Well, these spooled files contain the sensitive data that we are trying to protect at the file or field level.
The command presented in this tip lets you easily view a user’s authorities to spooled files sitting in output queues. Can the user view, change, delete, or send the spooled file? Can the user view and print the sensitive report?
Do not be lulled into a false sense of security by simply securing your files; you must also secure your sensitive reports. Remember, these reports contain the sensitive data too!
About the WRKOUTQAUT Command
The Work with Output Queue Authority (WRKOUTQAUT) command is, in essence, an update and enhancement of the DSPOUTQAUT command initially published in System iNEWS in August 1994. This updated version uses APIs instead of CL command outfiles, which lets it execute faster, return authority information about the user profiles selected, and apply the exact authority rules specified in Appendix D of the iSeries Security Reference for each output queue and spooled file command involved, as opposed to the more generic rules offered in the iSeries Security Reference's Authority Required to Perform Printing Functions table (see the links at the end of this article for the details).
The WRKOUTQAUT command also lets you position the Work with panel to a specified user profile. It also lets you change the user profile selection criteria from that panel.