Sorry, you need to enable JavaScript to visit this website.

Spool Control

Submitted on Thu, 22.08.2019 - 00:10

Spool control special authority allows a user to access all spool files on all output queues on the entire system - including reports on protected output queues.

 


Countermeasures:

  • Grant spool control special authority and access to output queues on a need to use basis
  • Use exit point software for the NETPRT service.
  • Security relevant reports should be removed after usage

 

Youtube Video: IBM i (AS/400, iSeries) Security 4 - Spool Control

Description: The video compares spool file access to non-public output queues.

Sys_1 *NONE
Sys_2 *ALLOBJ
Sys_3 *JOBCTL
Sys_4 *SPLCTL

(SYS_1, SYS_2... are names in my host table, pointing to the same system, but with different users).