HP 3000 Manuals HP 3000 Manuals
Giving Users System Operator Command Capabilities
The ALLOW command lets you give one or more users the ability to execute
one or more commands usually reserved to those with OP (system
supervisor) or SM (system manager) capability. (Also, refer to the
ASSOCIATE command.)
For example, in a system with a large number of users, you might want to
delegate some of your task load. Or you may wish to give a group of
advanced users additional capabilities. Other commands associated with
ALLOW are DISALLOW and SHOWALLOW.
Table 3-7. System Operator Commands Assigned by ALLOW
---------------------------------------------------------------------------------------------
| ACCEPT | JOBSECURITY |
| ALLOW | LIMIT |
| ALTJOB | LOG |
| BREAKJOB | REFUSE |
| DISALLOW | RESUMEJOB |
| JOBFENCE | |
---------------------------------------------------------------------------------------------
To allow every user on the system the ability to execute the command
REPLY from a terminal, enter:
ALLOW @.@;COMMANDS=REPLY
ALLOW Syntax
ALLOW FILE=formaldesignator[;SHOW] ALLOW
{@.@ }
{user.@ }
{@.acct };COMMANDS=command[,command,...]
{user.acct}
Table 3-8. ALLOW Parameters
--------------------------------------------------------------------------------------------
| | |
| Parameter | Description |
| | |
--------------------------------------------------------------------------------------------
| | |
| formaldesignator | A formal ASCII file name. |
| | |
| | |
--------------------------------------------------------------------------------------------
| | |
| SHOW | Lists input lines on $STDLIST. |
| | |
| | |
--------------------------------------------------------------------------------------------
| | |
| @.@ | Grants access to all users whether logged on or not. |
| | |
| | |
--------------------------------------------------------------------------------------------
| | |
| user.acct | Grants access to all users in all accounts. |
| | |
| | |
--------------------------------------------------------------------------------------------
| | |
| command | The names of those commands to which the user is granted access. |
| | |
--------------------------------------------------------------------------------------------
This command may also be executed in indirect and subsystem modes. To do
this you must create a file that contains records identifying the users
and accounts to whom you are allowing operator commands, followed by the
list of commands allowed, such as:
EDITOR
HP32201A.07.17 EDIT/3000 TUES, FEB 29, 1990, 5:08 PM
(C) HEWLETT-PACKARD CO. 1985
/ADD
1 SUSAN.PAYROLL;COMMANDS=ALTJOB,ALTSPOOLFILE
2 JOHN.ACCTNG;COMMANDS=ALTJOB,DELETESPOOLFILE
3 //
...
/KEEP ALLOWTMP
/E
The ALLOW command is then executed by entering at the system console:
ALLOW FILE=ALLOWTMP;SHOW
In subsystem mode, just enter ALLOW followed by a Return. The command
prompts you with a > sign, and accepts command parameters until an
end-of-file is received or EXIT is entered.
A user receiving the allowed capabilities must be logged on at the time
and automatically loses the capabilities by logging off.
NOTE If the wildcard parameter @.@ is used with the ALLOW command, all
users will be given the allowed capabilities, whether logged on or
not.
The following example allows user LOUISE.CARROL to execute both REPLY and
ABORTIO.
Enter on the system console:
ALLOW LOUISE.CARROL;COMMANDS=REPLY,ABORTIO
The following example illustrates the use of ALLOW interactively. It
gives user PAUL.JONES the ability to execute the BREAKJOB command.
ALLOW
>PAUL.JONES;COMMANDS=BREAKJOB
>EXIT
Cancel User System Operator Command Capability
Just as the ALLOW command transfers specific capabilities to one or more
users, the DISALLOW command is used to cancel them. Other than that
difference, the syntax, parameters, and usage of the two commands are the
same, including the use of DISALLOW in indirect mode.
Display a List of ALLOWED Users and Commands
The SHOWALLOW command lists the system operator commands that have been
allowed to one or more users. If no parameters are specified, only the
commands allowed to logged on users are listed. After listing the
commands allowed to the users specified, the command lists all system
operator commands that have been globally allowed.
Account manager, system manager, or console operator capability is
required to specify @ for user name. System manager or console operator
capability is required to specify @ for account name.
To list all system operator commands allowed to all users, enter:
SHOWALLOW @.@
The system displays:
____________________________________________________________________
| |
| |
| MANAGER.SYS |
| USER HAS THE FOLLOWING COMMANDS ALLOWED: |
| REPLY ALLOW CONSOLE |
| |
| LARRY.MPEXL |
| USER HAS THE FOLLOWING COMMANDS ALLOWED: |
| REPLY ABORTJOB |
| |
| DAN.TP |
| USER HAS THE FOLLOWING COMMANDS ALLOWED: |
| REPLY ABORTIO |
| |
| THE FOLLOWING COMMANDS HAVE BEEN GLOBALLY ALLOWED: |
| REPLY |
| |
____________________________________________________________________
SHOWALLOW Syntax
[{user.acct}]
[{user.@ }]
SHOWALLOW [{@.acct }]
[{@.@ }]
Table 3-9. SHOWALLOW Parameters
--------------------------------------------------------------------------------------------
| | |
| Parameter | Description |
| | |
--------------------------------------------------------------------------------------------
| | |
| use | Defines a particular user. |
| | |
| | |
--------------------------------------------------------------------------------------------
| | |
| acct | Defines a specific account. |
| | |
| | |
--------------------------------------------------------------------------------------------
| | |
| user.account | Defines a particular user in a particular account. |
| | |
| | |
--------------------------------------------------------------------------------------------
| | |
| @ | All users when used to the left of the period (.); all accounts when |
| | used to the right of the period. |
| | |
--------------------------------------------------------------------------------------------