15.4.2 Customizing the operation restriction settings for each user
You can restrict the operations that can be performed by each JP1 user who logs in to the job portal. To do so, use the job portal to apply the operating permission configuration file. This subsection describes the format of the operating permission configuration file and details of the settings in this file.
Note that only a JP1 user who is set as a user who sets permissions can apply the operating permission configuration file. For details about users who set permissions, see 14.2 Settings for restricting the operations that Web GUI (Job Portal) users can perform.
- Organization of this subsection
(1) Editing the file
The procedure for editing the operating permission configuration file differs for each of the following situations:
-
If you are using the operation restriction function for the first time
-
If you want to add, change, or delete operation permission settings for a user
-
If a manager host has been added
-
If JP1/AJS3 - Web Console has been upgraded
(a) If you are using the operation restriction function for the first time
If you are using the operation restriction function for the first time, perform the following procedure to edit the operating permission configuration file:
-
Specify the manager host for which you want to set operational restrictions, and then use the job portal to log in.
-
From the Management menu at the top of the screen, select Operating Permission Settings and then Acquire Model File.
The model file for the operating permission configuration file (operationpermission_model.csv) is downloaded.
-
Copy the downloaded model file, and then rename it as appropriate.
-
In a folder of your choice, save the renamed operating permission configuration file as the operating permission configuration master file.
The master file you created in this step will be used the second and subsequent times you perform the Apply Operating Permission Settings operation. Store and manage the file appropriately.
-
Open the master operating permission configuration file (CSV file) with spreadsheet software or a similar program.
-
Change the definitions.
-
Save the operating permission configuration file in CSV format.
-
From the Management menu at the top of the job portal window, select Operating Permission Settings and then Apply.
The Apply Operating Permission Settings dialog box opens.
-
From Select, select the operating permission configuration file that you edited, and then click the OK button.
- Note
-
After you select the operating permission configuration file, if you change the file contents and then apply the file, the changes might not be applied or communication might time out because a request cannot be sent. If you change the contents of the operating permission configuration file after selecting the file, reselect the file.
-
Notify all job portal users that re-login is required.
- Note
-
The added or changed operation permission settings are not applied for each job portal user until the user logs in to the Web GUI again. If necessary, restart the JP1/AJS3 HTTP Server service and the JP1/AJS3 Web Application Server service.
(b) If you want to add, change, or delete operation permission settings for a user
If you want to add, change, or delete operation permission settings that have already been applied, perform the following procedure to edit the operating permission configuration file:
-
Use spreadsheet software or a similar program to open the master operating permission configuration file (CSV file that you kept).
-
Change the definitions.
-
Save the operating permission configuration file in CSV format.
-
Specify the manager host for which you want to change the settings, and then use the job portal to log in.
-
From the Management menu at the top of the Web GUI window, select Operating Permission Settings and then Apply.
The Apply Operating Permission Settings dialog box opens.
-
From Select, select the operating permission configuration file that you edited, and then click the OK button.
- Note
-
After you select the operating permission configuration file, if you change the file contents and then apply the file, the changes might not be applied or communication might time out because a request cannot be sent. If you change the contents of the operating permission configuration file after selecting the file, reselect the file.
-
Notify all job portal users that re-login is required.
- Note
-
The added or changed operation permission settings are not applied for each job portal user until the user logs in to the Web GUI again. If necessary, restart the JP1/AJS3 HTTP Server service and the JP1/AJS3 Web Application Server service.
(c) If a manager host has been added
If a new manager host has been added, perform the following procedure to edit the operating permission configuration file:
-
Use spreadsheet software or a similar program to open the master operating permission configuration file (CSV file that you kept).
-
Change the definitions as necessary.
-
Save the operating permission configuration file in CSV format.
-
Specify the newly added manager host, and then use the job portal to log in.
-
From the Management menu at the top of the Web GUI window, select Operating Permission Settings and then Apply.
The Apply Operating Permission Settings dialog box opens.
-
From Select, select the operating permission configuration file that you edited, and then click the OK button.
- Note
-
After you select the operating permission configuration file, if you change the file contents and then apply the file, the changes might not be applied or communication might time out because a request cannot be sent. If you change the contents of the operating permission configuration file after selecting the file, reselect the file.
-
Notify all job portal users that re-login is required.
- Note
-
The added or changed operation permission settings are not applied for each job portal user until the user logs in to the Web GUI again. If necessary, restart the JP1/AJS3 HTTP Server service and the JP1/AJS3 Web Application Server service.
(d) If JP1/AJS3 - Web Console has been upgraded
If JP1/AJS3 - Web Console has been upgraded, the number of operations that need to be restricted might increase. If JP1/AJS3 - Web Console has been upgraded, perform the following procedure to edit the operating permission configuration file:
-
Specify the manager host for which you want to set operational restrictions, and then use the job portal to log in.
-
From the Management menu at the top of the screen, select Operating Permission Settings and then Acquire Model File.
The upgraded version of the model file for the operating permission configuration file (operationpermission_model.csv) is downloaded.
-
Copy the downloaded model file, and then rename it as appropriate.
-
Use spreadsheet software or a similar program to open the renamed operating permission configuration file (CSV file).
-
Use spreadsheet software or a similar program to open the master operating permission configuration file (CSV file that you kept).
-
Copy the contents of the master file to the appropriate location in the new operating permission configuration file.
-
For the items that were added as a result of the version upgrade, change the settings as necessary.
-
Save the operating permission configuration file in CSV format.
-
In a folder of your choice, save the edited operating permission configuration file as the new master file.
-
From the Management menu at the top of the job portal window, select Operating Permission Settings and then Apply.
The Apply Operating Permission Settings dialog box opens.
-
From Select, select the operating permission configuration file that you edited, and then click the OK button.
- Note
-
After you select the operating permission configuration file, if you change the file contents and then apply the file, the changes might not be applied or communication might time out because a request cannot be sent. If you change the contents of the operating permission configuration file after selecting the file, reselect the file.
-
Notify all job portal users that re-login is required.
- Note
-
The added or changed operation permission settings are not applied for each job portal user until the user logs in to the Web GUI again. If necessary, restart the JP1/AJS3 HTTP Server service and the JP1/AJS3 Web Application Server service.
(2) Acquiring the operating permission configuration file that was applied
After the operating permission configuration file has been applied to a manager host, you can use the job portal to acquire the file and check the settings in the file. The procedure for using the job portal to acquire the operating permission configuration file that was applied is as follows.
-
Use the job portal to log in, specifying the manager host from which you want to acquire the operating permission configuration file.
-
From the Management menu at the top of the screen, select Operating Permission Settings and then Acquire.
The operating permission configuration file that was applied is downloaded.
The name of the downloaded operating permission configuration file is in the format operationpermission_YYYYMMDDHHMMSS.csv, where YYYYMMDDHHMMSS is the file acquisition date and time according to the Web Console server.
(3) When settings take effect
When a user for whom operational restrictions are set logs in
(4) File format
The format of the operating permission configuration file is as follows.
- File type
-
CSV format (comma separated)
- Maximum size
-
3MB
- Maximum number of lines
-
1,000 lines (excluding the FileVersion line, lines in which the JP1 user name is an asterisk (*), and comment lines)
- Cautionary notes
-
-
Do not edit the FileVersion line at the beginning of the file. If you edit this line, you will no longer be able to use the job portal to apply the file.
-
Do not enter any values in the 31th and subsequent columns.
-
Setting values are not case sensitive.
-
If you use any program other than Excel to edit the file, use a pair of double quotation marks (") to enclose each character string that includes any of the following characters:
- , (comma)
- " (double quotation mark)
- Linefeed character (CR+LF or LF)
-
Lines beginning with a hash mark (#) are treated as comment lines.
-
If a line in which the JP1 user name is an asterisk (*) is omitted, the system behaves in accordance with the default settings (permit only viewing).
-
If the file contains any of the following lines, an error occurs:
- A line whose first column begins with a character other than a hash mark (#)
- A line consisting of only commas (,)
- Note
-
If you are using Excel or a similar spreadsheet program, saving a worksheet in which all settings in a row are blank will generate a line that include only commas. If such a line exists, delete it or comment it out.
-
If the file is to be saved in Unicode, save the file in the UTF-8 format.
-
(5) Setting items
The following describes the items to be set.
(a) Start of a line (column 1)
If you enter a hash mark (#) at the start of a line, the entire line is treated as a comment.
(b) Optional data (columns 2 to 11)
In these columns, you can enter information of your choice. For example, you can enter the name of a user for whom you want to restrict operations, and the group to which the user belongs.
When you enter data in these columns, limit the number of characters in each column to about 50 characters so that the size of the operation permission configuration file does not exceed the maximum size.
- Recommended value
-
Set the value appropriate for the operating environment.
(c) Names of JP1 users for whom operations are to be restricted (column 12)
In this column, enter the names of the JP1 users for whom you want to set operational restrictions. You must enter a value in this column.
- Specifiable value
-
- JP1 user name
-
For details about the characters that can be used to specify a JP1 user name, see the JP1/Base User's Guide.
If an asterisk (*) is entered as a JP1 user name, you can specify the default operation restriction settings for all JP1 users. If there is no line in which an asterisk (*) is specified as the JP1 user name, the system behaves in accordance with the default settings (permits only viewing).
- Recommended value
-
Set the value appropriate for the operating environment.
- Cautionary note
-
If the file contains two or more lines in which the same value is specified in this column, an error occurs.
(d) Type of operating permission settings (column 13)
In this column, specify the type of operating permission settings for the user. You must enter a value in this column.
- Specifiable value
-
- R
-
Permits only viewing (prohibits all operations that can be restricted).
If this value is specified in column 13, the settings of all subsequent columns are ignored.
- A
-
Permits execution of all operations.
If this value is specified in column 13, the settings of all subsequent columns are ignored.
- C
-
Permissions for each operation are to be specified separately.
- Recommended value
-
Set the value appropriate for the operating environment.
(e) Specification of permissions for operations that can be performed from the job portal (columns 14 to 30)
If C (separate specification) is specified for the type of operating permission settings (in column 13), specify whether to permit execution of each operation that can be performed from job portal in these columns. If you do not specify any value, the system assumes that 0 (do not permit execution of the operation) is specified.
The following table shows the column numbers and their corresponding operations.
Column number |
Operation |
---|---|
14 |
Register for Execution |
15 |
Cancel Registration |
16 |
Adding an execution schedule |
17 |
Change plan (change time) |
18 |
Change plan (execute immediately) |
19 |
|
20 |
Change plan (release change) |
21 |
Change delay monitor |
22 |
Rerun |
23 |
Interrupt |
24 |
Kill |
25 |
Change job status |
26 |
Edit definition |
27 |
Hold |
28 |
Hold Release |
29 |
Change Exec Order Method |
30 |
Change Wait Status |
- #
-
The permission settings for operation Change plan (execution prohibited) are also applied to operation Change plan (prohibit execution of retention generations).
The values that can be specified for each column are as follows:
- Specifiable value
-
- 0
-
Prohibit execution of the operation.
- 1
-
Permit execution of the operation.
- Recommended value
-
Set the value appropriate for the operating environment.
(6) Cautionary notes
-
The settings in the operating permission configuration file apply only to the manager host to which the user who applies the configuration file is logged in. To set operational restrictions on multiple manager hosts, log in to each host and apply the operating permission configuration file on each host.
-
Make sure that users log in to a manager host to which the operating permission configuration file has been applied. If users log in to a manager host to which the operating permission configuration file has not been applied, the default settings (permit only viewing) are applied. You can also restrict the manager hosts to which users can log in. If you do so, you must also use the function for restricting the hosts to which the Web Console server can connect.
-
Users who set permissions can log in to a manager host by specifying the IP address of the manager host or by specifying the host name of the manager host. Note that, even if the IP address and host name refer to the same manager host, the system considers login by IP-address specification and login by host-name specification different. To use the same restriction settings in both cases, you must apply the operating permission configuration file twice: once when logging in by specifying the IP address, and once when logging in by specifying the host name. You can also restrict the manager hosts to which users can log in. If you do so, you must also use the function for restricting the hosts to which the Web Console server can connect.
-
Immediately after you enable the operation restriction function of the job portal on a Web Console server, all JP1 users are permitted to perform only viewing operations on all manager hosts to which the Web Console server can connect.
-
If multiple users who set permissions apply operating permission configuration files on the same manager host, the settings in the last-applied file override the settings in previously applied files.
-
If JP1/AJS3 - Web Console has been upgraded, the number of operations that can be restricted might increase. If you upgrade JP1/AJS3 - Web Console and then apply the operating permission configuration file that was used before the upgrade, the system assumes that 0 (do not permit execution) is specified for all new operation settings.
(7) Example
This subsection shows an example of the contents of the operating permission configuration file for specifying the operating restrictions in the following table:
User name |
JP1 user name |
Section |
Post |
Operational restrictions |
---|---|---|---|---|
Taro Hitachi |
jp1admin |
Operational section |
Administrator |
Permit all operations |
Hanako Hitachi |
jp1user1 |
Operational section |
Operator |
Permit all operations other than the editing of definitions |
Jiro Hitachi |
jp1user2 |
Development section |
Developer |
Permit the viewing and editing of definitions |
Other users |
Permit only viewing |
Example
FileVersion=1.1,,,,,,,,,,,,,,,,,,,,,,,,,,,,, #,Option 1,Option 2,Option 3,Option 4,Option 5,Option 6,Option 7,Option 8,Option 9,Option 10,JP1 User Name,Classification,Register for Execution,Cancel Registration,Add,Change Plan (Change Time),Change Plan (Execute Immediately),Change Plan (Execution Prohibited),Change Plan (Release Change),Delay monitoring changed,Rerun,Interrupted,Kill,Change Status,Edit Definition,Hold,Hold Release,Change Exec Order Method,Change Wait Status ,Hitachi, Ltd.,Operational section,Administrator,Taro Hitachi,,,,,,,jp1admin,A,,,,,,,,,,,,,,,,, ,Hitachi, Ltd.,Operational section,Operator,Hanako Hitachi,,,,,,,jp1user1,C,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1 ,Hitachi, Ltd.,Development section,Developer,Jiro Hitachi,,,,,,,jp1user2,C,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 ,Default setting,,,,,,,,,,*,R,,,,,,,,,,,,,,,,,