Hitachi

JP1 Version 12 JP1/Base User's Guide


User permission definition file

Format (To specify a JP1 user)

; Comment

JP1-user:JP1-resource-group=JP1-permission-level:JP1-resource-group=JP1-permission-level:...

Format (To specify a DS group)

; Comment

[DS-group-name]:JP1-resource-group=JP1-permission-level:JP1-resource-group=JP1-permission-level:...

Parameters by type

Required parameters:

None

Custom parameters:

None

File name

Any

Storage destination directory

Any

Description

This file defines the operating permissions that a JP1 user or DS group has for JP1 resource groups. The JP1 user can be a standard user, linkage user, or DS user. Specify this definition file in the -f option of the jbssetacl command.

Application of settings

Executing the jbssetacl command with this definition file specified in the -f option applies the settings to the authentication server or directory server. When you change the operating permissions of a DS user or DS group, you must restart JP1/Base or execute the reload command (jbsaclreload). For details about the commands, see jbssetacl and jbsaclreload in 15. Commands.

Definition details

Use one line per entry. Each entry assigns JP1 permission levels for JP1 resource groups to the JP1 user or DS group you want to register or modify. A line can be no longer than 4,096 bytes. A semicolon (;) and all characters that follow it, up to the carriage return, are treated as a comment. An entry consists of two or more fields delimited by colons (:). The individual fields are written as follows.

JP1-user-name

Specify a JP1 user name as a character string of 1 to 31 bytes. You can use alphanumeric characters, but alphabetic characters must be lower case. Permissible characters for a JP1 user name are limited to ASCII characters except * / \ " ' ^ [ ] { } ( ) : ; | = , + ? < >, space, and tab characters.

[DS-group-name]

Specify a security group name of a directory server.

You can specify this field only in operations that use DS users.

A DS group name can be 1 to 256 bytes long. Permissible characters for a DS group name are limited to ASCII characters except * / \ " ' ^ [ ] { } ( ) : ; | = , + ? < >, and tab characters.

JP1-resource-group=JP1-permission-level

Specify a JP1 resource group and a JP1 permission level (the operating permission of the JP1 user or DS group). The JP1 resource group can be no longer than 64 bytes.

You can specify multiple JP1 permission levels for a JP1 resource group, using commas to delimit the permission levels as in the following example: JP1_AJS_Admin,JP1_JPQ_Admin,JP1_Console_Admin.

The JP1-resource-group and JP1-permission-level parameters are described below.

JP1-resource-group

A JP1 resource group is a set of entities (resources) such as jobs, jobnets, or events, that are managed together. The JP1 resource group to specify here should be determined in consultation with the manuals of JP1 products that use JP1/Base user authentication. An asterisk (*) specified in this parameter allows the JP1 user to access all JP1 resource groups. However, you cannot specify any other JP1 resource group for a JP1 user or DS group for whom you have already specified an asterisk (*).

JP1-permission-level

A JP1 permission level indicates the types of operating permissions that a JP1 user or DS group holds for a management target (resource). Permissible operations depend on whether the management targets (the resources) are jobs, jobnets, events, or other entities. The operating permissions of a JP1 user or DS group are managed as combinations of different permissions set for specific types of resources.

JP1 permission levels include JP1_AJS_Admin, JP1_JPQ_Admin and JP1_Console_Admin. The JP1 permission level to specify here should be determined in consultation with the manuals of JP1 products that use JP1/Base user authentication.

Note

Even when you register in Active Directory a JP1 user (DS user) that requires login authentication only and does not require JP1 operating permissions, you must still set the JP1 operating permission attribute. In that case, specify the character string none to indicate that no JP1 operating permission is required. An example (with the JP1 user name jp1userx) is shown below.

jp1userx:*=none

Definition examples

To define a JP1 resource group and JP1 permission level for JP1 user name jp1admin:

jp1admin:*=JP1_AJS_Admin,JP1_JPQ_Admin,JP1_Console_Admin

To define a JP1 resource group and JP1 permission level for DS group name GRP-Adm:

[GRP-Adm]:*=JP1_AJS_Admin,JP1_JPQ_Admin,JP1_Console_Admin
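
The following Python linter is an added example, not part of the Hitachi manual or of JP1/Base. It checks a definition file against the rules in Definition details before the file is passed to jbssetacl -f, and lists every subject that holds an administrative level on the asterisk (*) resource group so the grant can be reviewed. Assumptions: a permission level ending in _Admin is treated as administrative, and the sample entries JP1Oper, jp1dev and the resource group grpA are constructed.

```python
FORBIDDEN = set('*/\\"\'^[]{}():;|=,+?<>\t')  # excluded from user and DS group names

def lint_line(line):
    """Return (subject, grants, problems) for an entry, or None for blank/comment lines."""
    problems = ["line exceeds 4,096 bytes"] if len(line.encode()) > 4096 else []
    entry = line.split(";", 1)[0].strip()  # ';' starts a comment
    if not entry:
        return None
    subject, *fields = entry.split(":")
    is_group = subject.startswith("[") and subject.endswith("]")
    name, limit = (subject[1:-1], 256) if is_group else (subject, 31)
    if not 1 <= len(name.encode()) <= limit:
        problems.append(f"name must be 1 to {limit} bytes")
    if any(c in FORBIDDEN or not c.isascii() for c in name):
        problems.append("name contains a prohibited character")
    if not is_group and (" " in name or name != name.lower()):
        problems.append("JP1 user name must be lower case with no spaces")
    grants = {}
    for field in fields or [""]:  # an entry without any field is reported as malformed
        group, sep, levels = field.partition("=")
        if not (sep and group and levels):
            problems.append(f"malformed field {field!r}")
        elif len(group.encode()) > 64:
            problems.append(f"resource group {group!r} exceeds 64 bytes")
        else:
            grants[group] = levels.split(",")
    if "*" in grants and len(grants) > 1:
        problems.append("'*' cannot be combined with other resource groups")
    return subject, grants, problems

def audit(text):
    """Lint all entries; list subjects with an *_Admin level (assumed administrative) on '*'."""
    findings, wildcard_admins = [], []
    for number, line in enumerate(text.splitlines(), 1):
        if (result := lint_line(line)):
            subject, grants, problems = result
            findings += [(number, p) for p in problems]
            if any(lv.endswith("_Admin") for lv in grants.get("*", [])):
                wildcard_admins.append(subject)
    return findings, wildcard_admins

SAMPLE = """\
; constructed sample, not taken from the manual
jp1admin:*=JP1_AJS_Admin,JP1_JPQ_Admin,JP1_Console_Admin
[GRP-Adm]:*=JP1_AJS_Admin
jp1userx:*=none
JP1Oper:grpA=JP1_AJS_Admin
jp1dev:*=JP1_Console_Admin:grpA=JP1_AJS_Admin
"""
```

Calling audit(SAMPLE) returns the rule violations as (line number, message) pairs together with the list of subjects to review; the linter checks syntax only and does not know which resource groups or permission levels the installed JP1 products define.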