2.3.4 Setting up the prerequisite product
Register JP1 users (accounts reserved for JP1 only) in JP1/Base, and then set operation permissions for the JP1 users. Then, associate the JP1 users with OS users so that the JP1 users can access OS resources.
Setting up JP1/Base on the manager host consists of the following four steps:
- Setting up an authentication server:
-
An authentication server manages access permissions of JP1 users. Set up the server on which JP1/Base is installed as an authentication server.
- Registering JP1 users in the authentication server:
-
Register JP1 users in the authentication server.
- Setting operation permissions for JP1 users:
-
Set permissions (JP1 permission levels) that allow JP1 users to define and execute applications.
- Setting user mapping:
-
User mapping is an operation to associate JP1 users with OS users on the host on which jobs are executed.
To execute a job in JP1/AJS3, a JP1 user accesses OS resources such as executable files by using permissions of an OS user associated with the JP1 user, and then performs processing. Therefore, the JP1 user must be associated with an OS user on the host on which the job is executed.
The following figure shows an overview of user mapping.
Figure 2‒2: User mapping In this figure, the job executed by the JP1 user user01 on the JP1/AJS3 - View host is executed by the OS user MAN_OSuser on the manager host. If the job is transferred to the agent host, the job is executed by the OS user AGT_OSuser on the agent host.
- Tip
-
Note that for a new installation of JP1/Base, the following information is automatically set as initial settings. If you perform operations using the users in the initial settings, you do not need to set up JP1/Base.
No.
Setting item
Initial settings
1
Setting up an authentication server
Authentication server name
Local host name
2
Registering JP1 users in the authentication server
JP1 user name
jp1admin
3
Password
jp1admin
4
Setting JP1 user operating permissions
JP1 resource group
* (asterisk)
5
Granted permissions
All administration permissions
6
Setting user mapping
JP1 user name to be mapped
jp1admin
7
OS user to be mapped
root
8
Server host name
* (asterisk)
Related topics
- Organization of this subsection
(1) Setting up an authentication server
Set the name of the host used as the authentication server in JP1/Base.
This procedure is not required if you set the local host as the authentication server.
Prerequisites
Log in to the manager host as an OS user with superuser privileges.
Procedure
-
Execute the command as follows:
jbssetusrsrv host-name-of-the-authentication-server
Result
The manager host is set as the authentication server.
Postrequisites
Register JP1 users in the authentication server.
Related topics
(2) Registering JP1 users in the authentication server
Register a JP1 user in the authentication server.
Prerequisites
Log in to the manager host as an OS user with superuser privileges.
Procedure
-
Execute the command as follows:
jbsadduser JP1-user-name
-
Enter the password of the JP1 user according to the instruction.
Result
The JP1 user is registered.
Postrequisites
Set operation permissions for the JP1 user.
Related topics
(3) Setting operation permissions for JP1 users
Set the JP1 permission level for a JP1 user by defining the JP1 resource group and JP1 permission level name for the JP1 user.
Prerequisites
Log in to the manager host as an OS user with superuser privileges.
Procedure
-
Use a text editor such as vi to open the following file (user permission level file):
/etc/opt/jp1base/conf/user_acl/JP1_UserLevel
The following definition is specified in the file by default:
jp1admin:*=JP1_AJS_Admin,JP1_Console_Admin,JP1_JPQ_Admin
-
Set a JP1 resource group and JP1 permission level.
Edit the user permission level file to set a JP1 permission level.
The following shows the coding format of the user permission level file:
JP1-user-name:JP1-resource-group-mame=JP1-permission-level-name:JP1-resource-group-name=JP1-permission-level-name ...
To assign the administrator role for the JP1 resource group * to the JP1 user user01, specify as follows:
user01:*=JP1_AJS_Admin,JP1_JPQ_Admin
-
Save and close the file.
-
Execute the jbsaclreload command.
Result
The JP1 permission level is set for the JP1 user.
Postrequisites
Set user mapping.
Related topics
(4) Setting user mapping
Map the JP1 user to an OS user on the manager host so that the JP1 user can access OS resources on the manager host.
Prerequisites
Log in to the manager host as an OS user with superuser privileges.
Procedure
-
Use a text editor such as vi to open the following file (user permission level file):
/etc/opt/jp1base/conf/user_acl/jp1BsUmap.conf
-
Set user mapping.
Edit the user mapping definition file to set user mapping.
The following shows the coding format of the user mapping definition file:
JP1-user-name:host-name-from-which-to-accept-job-execution-requests:OS-user-name
To map the JP1 user user01 to the OS user MAN_OSuser on the manager host, specify as follows:
user01:*:MAN_OSuser
-
Close and save the file.
-
Execute the jbsmkumap command.
Result
The JP1 user and the OS user on the manager host are mapped.
Postrequisites
Set up JP1/AJS3 - Manager on the manager host.
Related topics
(5) Coding format of the user permission level file
You can set JP1 permission levels by editing the user permission level file.
The following describes the coding format of the user permission level file.
File path
/etc/opt/jp1base/conf/user_acl/JP1_UserLevel
Format
JP1-user-name:JP1-resource-group-name=JP1-permission-level-name:JP1-resource-group-name=JP1-permission-level-name...
-
The following definition is specified in the file by default:
jp1admin:*=JP1_AJS_Admin,JP1_Console_Admin,JP1_JPQ_Admin
-
You can manage units by group by using the provided JP1 resource groups. Specify the name of the JP1 resource group to which the unit you want to operate belongs, or specify a new JP1 resource group name. To define permissions for multiple resource groups, use a colon (:) to separate entries.
-
To define multiple JP1 permission levels, use a comma (,) to separate them.
-
To insert a comment, enter a semicolon (;) at the beginning of the line. The text up to a linefeed is handled as a comment.
- Tip
-
The following describes the JP1 permission level names used in JP1/AJS3:
Classification of operation permissions
JP1 permission level names
Description
Permissions relating to jobnet definition and execution
JP1_AJS_Admin
Administrator role that allows the user to change the unit owner and resource groups, and define, execute, and edit jobnets.
JP1_AJS_Manager
This permission allows the user to define, execute, and edit jobnets.
JP1_AJS_Editor
This permission allows the user to define and edit jobnets.
JP1_AJS_Operator
This permission allows the user to execute and reference jobnets.
JP1_AJS_Guest
This permission allows the user to reference jobnets.
Permissions relating to manipulation of agent management information
JP1_JPQ_Admin
Administrator role that allows the user to add, change, and delete the definitions of execution agents and execution agent groups.
JP1_JPQ_Operator
This permission allows the user to change the job transfer restriction status for execution agents and execution agent groups.
JP1_JPQ_User
This permission allows the user to reference the status and definitions of execution agents and execution agent groups.
- Tip
-
Specify an asterisk (*) for JP1-resource-group-name to allow the JP1 user to access all JP1 resource groups.
Example
The following shows an example of setting JP1 permission levels for the JP1 users user01 and user02:
-
The JP1 user user01 has JP1_AJS_Operator and JP1_JPQ_Operator (execution and reference permissions) for the JP1 resource groups unit01 and unit02.
-
The JP1 user user02 has JP1_AJS_Admin and JP1_JPQ_Admin (administrator roles) for the JP1 resource group *.
-
Permissions assigned to jp1admin by default are retained as they are.
- File editing example
jp1admin:*=JP1_AJS_Admin,JP1_Console_Admin,JP1_JPQ_Admin user01:unit01=JP1_AJS_Operator,JP1_JPQ_Operator:unit02=JP1_AJS_Operator,JP1_JPQ_Operator user02:*=JP1_AJS_Admin,JP1_JPQ_Admin
Related topics
(6) Coding format of the user mapping definition file
You can set user mapping by editing the user mapping definition file and then executing the jbsmkumap command.
The following describes the coding format of the user mapping definition file.
File path
/etc/opt/jp1base/conf/user_acl/jp1BsUmap.conf
Format
JP1-user-name:host-name-from-which-to-accept-job-execution-requests:OS-user-name
-
For JP1-user-name and OS-user-name, specify the users to be mapped.
-
For host-name-from-which-to-accept-job-execution-requests, specify the host that accepts job execution requests.
- Tip
-
Specify an asterisk (*) for host-name-from-which-to-accept-job-execution-requests to accept job execution requests from all hosts.
Example
The following shows an example of setting user mapping for the JP1 users user01 and user02.
-
Jobs defined in JP1/AJS3 - View by the JP1 user user01 are executed on the manager host MAN01.
-
Jobs defined in JP1/AJS3 - View by the JP1 user user02 are executed on unspecific manager hosts.
-
All manager hosts use the OS user name MAN_OSuser to execute jobs.
- File editing example
user01:MAN01:MAN_OSuser user02:*:MAN_OSuser
Related topics