If an iSeries user's Limited Capabilities parameter is set to *YES and they are using WinSpool/400, Email Report Server, Fax Report Server or Batch Report Server, you need to set up the user so that they can access WinSpool/400 without compromising the iSeries security for limited capability users.

Setting up WINSPOOL Library to Allow Limited Capabilities Users to access WinSpool/400 Commands

Prerequisite: The following instructions require WinSpool/400 version 3.44 or above.
  1. Set all commands in the WinSpool/400 library to use adopted authority:

    CHGPGM PGM(WINSPOOL/*ALL) USEADPAUT(*YES) 

  2. Grant appropriate authority to all the objects in the WINSPOOL library:

    GRTOBJAUT OBJ(WINSPOOL/*ALL) OBJTYPE(*ALL) USER(*PUBLIC) AUT(*USE)   

  3. Grant appropriate authority to the WINSPOOL library object in the QSYS library:

    GRTOBJAUT OBJ(QSYS/WINSPOOL) OBJTYPE(*LIB) USER(*PUBLIC) AUT(*USE)

    WinSpool/400 security is now set to use WinSpool/400's TCP/IP APIs.

    Note: Each iSeries' security options are set differently. If you still receive errors from WinSpool/400, Batch Report Server, Email Report Server or Fax Report Server after making the above changes, see the following instructions.

Determining which commands users with limited capabilities cannot access

If you still receive errors after updating the WINSPOOL library as suggested above:
  1. In the WinSpool/400, Email Report Server, Fax Report Server, or Batch Report Server settings, enable Generate joblog option after download pass.
  2. View the job log to see exactly which commands are failing.
  3. For each command that is failing, run CHGCMD for the command to allow limited capabilities.

    For example: To change CPYSPLF to allow limited-capability access:

    CHGCMD CMD(CPYSPLF) ALWLMTUSR(*YES)

  4. Repeat steps 1-3 until all failing commands are set to allow limited capabilities.

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: December 10, 2016