Hitachi

JP1 Version 12 JP1/Automatic Job Management System 3 Overview


7.1.3 User management using the JP1 administrators group of JP1/Base (UNIX only)

Organization of this subsection

(1) What is the JP1 administrators group?

In JP1/Base, the following types of users perform system management operations such as starting and stopping services, changing environment setting parameters, and creating backups:

The JP1 administrators group is an OS user group set in JP1/Base. OS users who belong to this group are called JP1/Base administrators. JP1/Base administrators are granted access permissions that are almost equivalent to superuser permissions. That is, JP1/Base administrators are ordinary OS users that can perform JP1/Base system management operations such as specifying the JP1/Base environment settings and starting and stopping services.

Figure 7‒3: JP1 administrators group and JP1/Base administrators

[Figure]

For details about the JP1 administrators group and JP1/Base administrators, see the JP1/Base User's Guide.

(2) What is the AJS administrator?

In JP1/AJS3, the following types of users perform system management operations such as starting and stopping services, changing environment setting parameters, and creating backups:

The AJS administrator is a JP1/Base administrator who has been granted JP1/AJS3 access permissions that are almost equivalent to superuser permissions. That is, the AJS administrator is an ordinary OS user that can perform JP1/AJS3 system management operations such as specifying the JP1/AJS3 environment settings and starting services and stopping services.

Figure 7‒4: JP1 administrators group and the AJS administrator

[Figure]

Note that, as the above figure shows, the AJS administrator is also a JP1/Base administrator. Therefore, the AJS administrator can also perform JP1/Base system management operations.

(3) Operations that the AJS administrator can perform

The operations that the AJS administrator can perform are almost equivalent to the operations that users with superuser permissions can perform. These operations include the starting and stopping of JP1/AJS3 services, the creation of backups, and database maintenance. In addition, the AJS administrator can manipulate all units regardless of the JP1 permission level. Note, however, that the AJS administrator cannot perform the operations listed in the following table. These operations require superuser permissions.

Table 7‒1: Operations that the AJS administrators cannot perform

No.

Operation

Description

1

Installing and uninstalling JP1/AJS3

Installing and removing JP1/AJS3 require superuser permissions. The AJS administrator cannot perform these operations.

2

Applying and deleting JP1/AJS3 patches

Applying and deleting JP1/AJS3 patches require superuser permissions. The AJS administrator cannot perform these operations.

3

Designating the AJS administrator

Whether an AJS administrator has been designated is set by a user with superuser permissions before JP1/AJS3 is installed. Ordinary OS users cannot perform this operation.

4

Allocating OS resources

OS resource allocation operations, such as registering and removing port numbers, and preparing and deleting shared directories, require superuser permissions. The AJS administrator cannot perform these operations.

5

Operating linked programs that require superuser permissions

The AJS administrator cannot operate any linked programs that require superuser permissions.

6

Accessing files that require superuser permissions

The AJS administrator cannot access any files that require superuser permissions.

7

Performing user mapping for users who have superuser permissions

Using the JP1/Base user mapping functionality to map a user to a user who has superuser permissions requires superuser permissions. The AJS administrator cannot perform this operation.

8

Operating cluster software

Operating a cluster system requires access permissions for the cluster software. An AJS administrator who does not have access permissions for the cluster software cannot operate the cluster software.

This kind of AJS administrator cannot execute the jajs_killall.cluster command used to forcibly terminate the JP1/AJS3 processes running in a cluster system, and cannot change or back up the jajs_killall.cluster command file.

9

Backing up and restoring files that require superuser permissions

The AJS administrator cannot back up or restore files that require superuser permissions. (An example of such a file is the jajs_killall.cluster command file.)

10

Setting up and operating the Web Console server

The AJS3 administrator cannot perform setup and server management tasks for JP1/AJS3 - Web Console.

If operations that the AJS administrator cannot perform must be performed, an OS user that has superuser permissions must be asked to perform the operations.

For details about operation of JP1/AJS3 by the AJS administrator, see E. Operating JP1/AJS3 By Using an AJS Administrator Account (UNIX Only) in the JP1/Automatic Job Management System 3 System Design (Configuration) Guide.