There is also a low tech solution:

1. Create group that would serve as a temporary staging area.

2. Have a batch job that reads user requests from a message file,
   creates a copy (after some validation) of the requested spoolfile
   into the staging area, releases the new file and communicates
   back to the user its name.

3. Have a command file or system wide UDC that passes the user's
   request to the batch job, evaluates its response and invokes
   the spoolfile 'download' function.


I'm using something similar to allow our programmers to use our paging
software since we only have one outgoing modem.

Regards
Paul H. Christidis

______________________________ Reply Separator _________________________________
Subject: Re: spool file security
Author:  [log in to unmask] at mime
Date:    11/19/98 09:31


 In <"LIHAMPT2-981119165938Z-9885*/PRMD=LUCASVARITY/ADMD= /C=US/"@MHS>
   [log in to unmask] writes:

> We have a need for users to be able to download spool files (they are not the
> eator of)
> to their PC.  When this was one or two users, we just gave them OP capability
> and that
> solved the problem.  Now this number of users is growing and the "brute force"
> solution
> is getting more undesireable.

If you have Security/3000, you can create a script for them that initiates
the download, using the WITHCAPS function to "allow" OP capability for a
specific command(s) only.

   -Chris (remove nospam) Bartram