Hitachi

JP1 Version 12 JP1/Automatic Job Management System 3 Operator's Guide

17.2.2 Customizing the operation restriction settings for each user

You can restrict the operations that can be performed by each JP1 user who logs in to the Web GUI. To do so, use the Web GUI to apply the operating permission configuration file. This subsection describes the format of the operating permission configuration file and details of the settings in this file.

Note that only a JP1 user who is set as a user who sets permissions can apply the operating permission configuration file. For details about users who set permissions, see 14.2 Settings for restricting the operations that Web GUI users can perform.

Organization of this subsection

(1) Editing the file

The procedure for editing the operating permission configuration file differs for each of the following situations:

(a) If you are using the operation restriction function for the first time

If you are using the operation restriction function for the first time, perform the following procedure to edit the operating permission configuration file:

  1. Specify the manager host for which you want to set operational restrictions, and then use the Web GUI to log in.

  2. From the Management menu at the top of the screen, select Operating Permission Settings and then Acquire Model File.

    The model file for the operating permission configuration file (operationpermission_model.csv) is downloaded.

  3. Copy the downloaded model file, and then rename it as appropriate.

  4. In a folder of your choice, save the renamed operating permission configuration file as the operating permission configuration master file.

    The master file you created in this step will be used the second and subsequent times you perform the Apply Operating Permission Settings operation. Store and manage the file appropriately.

  5. Open the master operating permission configuration file (CSV file) with spreadsheet software or a similar program.

  6. Change the definitions.

  7. Save the operating permission configuration file in CSV format.

  8. From the Management menu at the top of the Web GUI window, select Operating Permission Settings and then Apply.

    The Apply Operating Permission Settings dialog box opens.

  9. From Select, select the operating permission configuration file that you edited, and then click the OK button.

    Note

    After you select the operating permission configuration file, if you change the file contents and then apply the file, the changes might not be applied or communication might time out because a request cannot be sent. If you change the contents of the operating permission configuration file after selecting the file, reselect the file.

  10. Notify all Web GUI users that re-login is required.

    Note

    The added or changed operation permission settings are not applied for each Web GUI user until the user logs in to the Web GUI again. If necessary, restart the JP1/AJS3 HTTP Server service and the JP1/AJS3 Web Application Server service.

(b) If you want to add, change, or delete operation permission settings for a user

If you want to add, change, or delete operation permission settings that have already been applied, perform the following procedure to edit the operating permission configuration file:

  1. Use spreadsheet software or a similar program to open the master operating permission configuration file (CSV file that you kept).

  2. Change the definitions.

  3. Save the operating permission configuration file in CSV format.

  4. Specify the manager host for which you want to change the settings, and then use the Web GUI to log in.

  5. From the Management menu at the top of the Web GUI window, select Operating Permission Settings and then Apply.

    The Apply Operating Permission Settings dialog box opens.

  6. From Select, select the operating permission configuration file that you edited, and then click the OK button.

    Note

    After you select the operating permission configuration file, if you change the file contents and then apply the file, the changes might not be applied or communication might time out because a request cannot be sent. If you change the contents of the operating permission configuration file after selecting the file, reselect the file.

  7. Notify all Web GUI users that re-login is required.

    Note

    The added or changed operation permission settings are not applied for each Web GUI user until the user logs in to the Web GUI again. If necessary, restart the JP1/AJS3 HTTP Server service and the JP1/AJS3 Web Application Server service.

(c) If a manager host has been added

If a new manager host has been added, perform the following procedure to edit the operating permission configuration file:

  1. Use spreadsheet software or a similar program to open the master operating permission configuration file (CSV file that you kept).

  2. Change the definitions as necessary.

  3. Save the operating permission configuration file in CSV format.

  4. Specify the newly added manager host, and then use the Web GUI to log in.

  5. From the Management menu at the top of the Web GUI window, select Operating Permission Settings and then Apply.

    The Apply Operating Permission Settings dialog box opens.

  6. From Select, select the operating permission configuration file that you edited, and then click the OK button.

    Note

    After you select the operating permission configuration file, if you change the file contents and then apply the file, the changes might not be applied or communication might time out because a request cannot be sent. If you change the contents of the operating permission configuration file after selecting the file, reselect the file.

  7. Notify all Web GUI users that re-login is required.

    Note

    The added or changed operation permission settings are not applied for each Web GUI user until the user logs in to the Web GUI again. If necessary, restart the JP1/AJS3 HTTP Server service and the JP1/AJS3 Web Application Server service.

(d) If JP1/AJS3 - Web Console has been upgraded

If JP1/AJS3 - Web Console has been upgraded, the number of operations that need to be restricted might increase. If JP1/AJS3 - Web Console has been upgraded, perform the following procedure to edit the operating permission configuration file:

  1. Specify the manager host for which you want to set operational restrictions, and then use the Web GUI to log in.

  2. From the Management menu at the top of the screen, select Operating Permission Settings and then Acquire Model File.

    The upgraded version of the model file for the operating permission configuration file (operationpermission_model.csv) is downloaded.

  3. Copy the downloaded model file, and then rename it as appropriate.

  4. Use spreadsheet software or a similar program to open the renamed operating permission configuration file (CSV file).

  5. Use spreadsheet software or a similar program to open the master operating permission configuration file (CSV file that you kept).

  6. Copy the contents of the master file to the appropriate location in the new operating permission configuration file.

  7. For the items that were added as a result of the version upgrade, change the settings as necessary.

  8. Save the operating permission configuration file in CSV format.

  9. In a folder of your choice, save the edited operating permission configuration file as the new master file.

  10. From the Management menu at the top of the Web GUI window, select Operating Permission Settings and then Apply.

    The Apply Operating Permission Settings dialog box opens.

  11. From Select, select the operating permission configuration file that you edited, and then click the OK button.

    Note

    After you select the operating permission configuration file, if you change the file contents and then apply the file, the changes might not be applied or communication might time out because a request cannot be sent. If you change the contents of the operating permission configuration file after selecting the file, reselect the file.

  12. Notify all Web GUI users that re-login is required.

    Note

    The added or changed operation permission settings are not applied for each Web GUI user until the user logs in to the Web GUI again. If necessary, restart the JP1/AJS3 HTTP Server service and the JP1/AJS3 Web Application Server service.

To Page Top

(2) Acquiring the operating permission configuration file that was applied

After the operating permission configuration file has been applied to a manager host, you can use the Web GUI to acquire the file and check the settings in the file. The procedure for using the Web GUI to acquire the operating permission configuration file that was applied is as follows.

  1. Use the Web GUI to log in, specifying the manager host from which you want to acquire the operating permission configuration file.

  2. From the Management menu at the top of the screen, select Operating Permission Settings and then Acquire.

    The operating permission configuration file that was applied is downloaded.

The name of the downloaded operating permission configuration file is in the format operationpermission_YYYYMMDDHHMMSS.csv, where YYYYMMDDHHMMSS is the file acquisition date and time according to the Web Console server.

To Page Top

(3) When settings take effect

When a user for whom operational restrictions are set logs in

To Page Top

(4) File format

The format of the operating permission configuration file is as follows.

File type

CSV format (comma separated)

Maximum size

3MB

Maximum number of lines

1,000 lines (excluding the FileVersion line, lines in which the JP1 user name is an asterisk (*), and comment lines)

Cautionary notes

  • Do not edit the FileVersion line at the beginning of the file. If you edit this line, you will no longer be able to use the Web GUI to apply the file.

  • Do not enter any values in the 31th and subsequent columns.

  • Setting values are not case sensitive.

  • If you use any program other than Excel to edit the file, use a pair of double quotation marks (") to enclose each character string that includes any of the following characters:

    - , (comma)

    - " (double quotation mark)

    - Linefeed character (CR+LF or LF)

  • Lines beginning with a hash mark (#) are treated as comment lines.

  • If a line in which the JP1 user name is an asterisk (*) is omitted, the system behaves in accordance with the default settings (permit only viewing).

  • If the file contains any of the following lines, an error occurs:

    - A line whose first column begins with a character other than a hash mark (#)

    - A line consisting of only commas (,)

    Note

    If you are using Excel or a similar spreadsheet program, saving a worksheet in which all settings in a row are blank will generate a line that include only commas. If such a line exists, delete it or comment it out.

  • If the file is to be saved in Unicode, save the file in the UTF-8 format.

To Page Top

(5) Setting items

The following describes the items to be set.

(a) Start of a line (column 1)

If you enter a hash mark (#) at the start of a line, the entire line is treated as a comment.

(b) Optional data (columns 2 to 11)

In these columns, you can enter information of your choice. For example, you can enter the name of a user for whom you want to restrict operations, and the group to which the user belongs.

When you enter data in these columns, limit the number of characters in each column to about 50 characters so that the size of the operation permission configuration file does not exceed the maximum size.

Recommended value

Set the value appropriate for the operating environment.

(c) Names of JP1 users for whom operations are to be restricted (column 12)

In this column, enter the names of the JP1 users for whom you want to set operational restrictions. You must enter a value in this column.

Specifiable value
JP1 user name

For details about the characters that can be used to specify a JP1 user name, see the JP1/Base User's Guide.

If an asterisk (*) is entered as a JP1 user name, you can specify the default operation restriction settings for all JP1 users. If there is no line in which an asterisk (*) is specified as the JP1 user name, the system behaves in accordance with the default settings (permits only viewing).

Recommended value

Set the value appropriate for the operating environment.

Cautionary note

If the file contains two or more lines in which the same value is specified in this column, an error occurs.

(d) Type of operating permission settings (column 13)

In this column, specify the type of operating permission settings for the user. You must enter a value in this column.

Specifiable value
R

Permits only viewing (prohibits all operations that can be restricted).

If this value is specified in column 13, the settings of all subsequent columns are ignored.

A

Permits execution of all operations.

If this value is specified in column 13, the settings of all subsequent columns are ignored.

C

Permissions for each operation are to be specified separately.

Recommended value

Set the value appropriate for the operating environment.

(e) Specification of permissions for operations that can be performed from the Web GUI (columns 14 to 30)

If C (separate specification) is specified for the type of operating permission settings (in column 13), specify whether to permit execution of each operation that can be performed from Web GUI in these columns. If you do not specify any value, the system assumes that 0 (do not permit execution of the operation) is specified.

The following table shows the column numbers and their corresponding operations.

Table 17‒2: Column numbers and their corresponding operations

Column number

Operation

14

Register for Execution

15

Cancel Registration

16

Adding an execution schedule

17

Change plan (change time)

18

Change plan (execute immediately)

19

Change plan (execution prohibited)

20

Change plan (release change)

21

Change delay monitor

22

Rerun

23

Interrupt

24

Kill

25

Change job status

26

Edit definition

27

Hold

28

Hold Release

29

Change Exec Order Method

30

Change Wait Status

The values that can be specified for each column are as follows:

Specifiable value
0

Prohibit execution of the operation.

1

Permit execution of the operation.

Recommended value

Set the value appropriate for the operating environment.

To Page Top

(6) Cautionary notes

To Page Top

(7) Example

This subsection shows an example of the contents of the operating permission configuration file for specifying the operating restrictions in the following table:

Table 17‒3: Settings that can be specified in the operating permission configuration file

User name

JP1 user name

Section

Post

Operational restrictions

Taro Hitachi

jp1admin

Operational section

Administrator

Permit all operations

Hanako Hitachi

jp1user1

Operational section

Operator

Permit all operations other than the editing of definitions

Jiro Hitachi

jp1user2

Development section

Developer

Permit the viewing and editing of definitions

Other users

Permit only viewing

Example

FileVersion=1.1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
#,Option 1,Option 2,Option 3,Option 4,Option 5,Option 6,Option 7,Option 8,Option 9,Option 10,JP1 User Name,Classification,Register for Execution,Cancel Registration,Add,Change Plan (Change Time),Change Plan (Execute Immediately),Change Plan (Execution Prohibited),Change Plan (Release Change),Delay monitoring changed,Rerun,Interrupted,Kill,Change Status,Edit Definition,Hold,Hold Release,Change Exec Order Method,Change Wait Status
,Hitachi, Ltd.,Operational section,Administrator,Taro Hitachi,,,,,,,jp1admin,A,,,,,,,,,,,,,,,,,
,Hitachi, Ltd.,Operational section,Operator,Hanako Hitachi,,,,,,,jp1user1,C,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1
,Hitachi, Ltd.,Development section,Developer,Jiro Hitachi,,,,,,,jp1user2,C,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0
,Default setting,,,,,,,,,,*,R,,,,,,,,,,,,,,,,,

To Page Top

Copyright (C) 2019, 2022, Hitachi, Ltd.

Copyright (C) 2019, 2022, Hitachi Solutions, Ltd.