8.1.3 Setting JP1 user operating permissions
You must set the JP1 user operating permissions from an authentication server (a primary authentication server). For this setting, you set what kind of operations are permitted to JP1 users (the JP1 permission level) when they operate JP1 resource groups, such as jobs and jobnets.
- Note
-
You can only set operating permissions for jobs and jobnets for which you have specified JP1 resource group names with JP1/AJS. For other jobs and jobnets, all types of access by all JP1 users are permitted.
You can use either the GUI or commands to set operating permissions given to JP1 users. When using the GUI, you can set operating permissions for individual JP1 users. When using commands, you can set operating permissions for a group of JP1 users as well as for individual users.
You can use the GUI or commands to set operating permissions for JP1 users.
- Organization of this subsection
(1) Using the GUI to set JP1 user operating permissions
In the Authentication Server page of the JP1/Base Environment Settings dialog box, you can set the JP1 user operating permissions in the Authority level for JP1 resource group area.
In the JP1 user area of the JP1/Base Environment Settings dialog box, select a user in the User field to set permissions for that user. When you select a user name, the group (JP1 resource group) that the user is permitted to access, and the authority level (JP1 permission level) of that group, appear in the Authority level for JP1 resource group area.
If you click the Add button, or if you select a group in the Group field and then click the Change button, the JP1 Resource Group Details dialog box appears.
|
|
![[Figure]](GRAPHICS/ZU060400.GIF)
In the JP1 Resource Group Details dialog box, set the JP1 resource group and JP1 permission level. If you specify an asterisk (*) as a JP1 resource group, you can access all the JP1 resource groups. For a JP1 user, if you specified an asterisk (*) for the JP1 resource groups, you cannot specify anything other than an asterisk (*).
For details on the JP1 resource groups and JP1 permission levels to be specified, see the manual for the JP1 program that uses JP1/Base user authentication.
(2) Using a command to set operating permissions for multiple JP1 users simultaneously
You can use a command to set operating permissions for multiple JP1 users simultaneously. To do this, define operating permissions in the user permission level file (JP1_UserLevel). After editing the file, execute the jbsaclreload command to apply the settings. For details on the jbsaclreload command, see jbsaclreload in 15. Commands. For details on the user permission level file, see User permission level file in 16. Definition Files.
- Note
-
The user permission level file (JP1_UserLevel) is also used for the GUI. Any information you enter in the GUI will be applied to this file. Likewise, if you edit the file in an editor and then execute the jbsaclreload command, the edited information will be reflected in the GUI.
(3) Using a command to register operating permissions for individual JP1 users
To use a command to add or modify operating permissions for JP1 users, you must create a definition file that describes operating permissions given to each JP1 user you want to register.
You can create the definition file in any location. The file format is the same as that of the user permission level file (JP1_UserLevel). For details on the user permission level file, see User permission level file in 16. Definition Files.
After preparing the definition file, execute the following command to register the information in the definition file with the authentication server:
jbssetacl -f definition-file-name
For details on the jbssetacl command, see jbssetacl in 15. Commands.
(4) Using a command to delete operating permissions for individual JP1 users
To delete operating permissions for a registered JP1 user, execute the following command:
jbsrmacl -u JP1-user-name
Note that this command deletes all operating permissions that have been given to the specified JP1 user.
For details on the jbsrmacl command, see jbsrmacl in 15. Commands.