HP 3000 Manuals

MPE/iX Commands Reference Manual Volume I

JOBSECURITY 

Designates what level of user may request resources and control the
execution of jobs.  (Native Mode)

Syntax 

            [{HIGH}                                      ]
            [{    }                                      ]
JOBSECURITY [{LOW }                                      ]
            [                                            ]
            [{;PASSEXEMPT= {NONE},{USER},{XACCESS},{MAX}}]
Parameters 

HIGH                  Permits only the operator logged on at the console
                      and users with SM capability to use job control
                      commands.

LOW                   Allows individual users to exercise control over
                      their own jobs.

<omitted>             If you do not specify HIGH or LOW, the current job
                      security status is displayed (high or low).

NONE, USER, XACCESS,  The PASSEXEMPT option set by the system manager,
or MAX                which has the following meaning:

                      NONE                  All users must specify the
                                            required passwords to stream
                                            a job.

                      USER                  Allows certain users to omit
                                            a job's password.  The system
                                            manager can omit the password
                                            when streaming any job,
                                            account managers can omit
                                            passwords when streaming jobs
                                            that log onto their account
                                            and to which they have
                                            access, and users can omit
                                            passwords for jobs that match
                                            their logon identity and to
                                            which they have access.

                      XACCESS               Allows users with execute
                                            access to the job file to
                                            omit passwords when the job
                                            file logs on with the same
                                            identity as its owner or
                                            creator.

                      MAX                   Sets both the USER and the
                                            XACCESS options of the
                                            PASSEXEMPT parameter.
                                            Specifying MAX is the only
                                            way to set both options since
                                            USER and XACCESS are
                                            otherwise mutually exclusive.

Operation Notes 

The HIGH and LOW parameters of the JOBSECURITY command determine what
kind of user may execute the ABORTJOB, ALTJOB, BREAKJOB and RESUMEJOB
commands.  When JOBSECURITY is set to HIGH, only the operator may issue
these commands.  When it is set to LOW, any user may issue these commands
for their own jobs (i.e., those where the job's user name and account
matches the user's) and Account Managers may control the execution of any
job in their account.

System managers may use the PASSEXEMPT parameter of the JOBSECURITY
command to control password validation when users stream a job.  If you
have never used the PASSEXEMPT parameter and if the HP Security Monitor
is not installed, the initial state is NONE, which means that job
passwords are required.  When you reboot the system with a START RECOVERY
the last PASSEXEMPT state is preserved.

PASSEXEMPT provides some of the functionality of the HP Security Monitor.
For example, PASSEXEMPT=USER is equivalent to the stream privilege
feature.  PASSEXEMPT=XACCESS is similar to the stream authorize feature
with one difference:  you may set the USER XACCESS options independently,
whereas HP Security Monitor requires you to enable stream privilege when
you want to enable the stream authorize feature.

JOBSECURITY checks for the existence of HP Security Monitor and, if
necessary, combines the settings to produce appropriate output.  When the
PASSEXEMPT parameter is issued and the interaction with the HP Security
Monitor produces a different result, you will see a warning and a
notification that the HP Security Monitor is installed.  The resulting
command output is also displayed with the warning.

Use 

You may issue the JOBSECURITY command from a session, job, program, or in
BREAK. Pressing Break has no effect on this command.  It may be executed
only from the console unless distributed to users with the ALLOW command.

Example 

To allow any user to abort, alter, break, or resume their own jobs,
enter:

     JOBSECURITY LOW 

To find out the current job security status, enter:

     :JOBSECURITY 
     JOB SECURITY IS HIGH. PASSEXEMPT IS NONE.

To set the password exemption to USER and then check the current status,
enter:

     :JOBSECURITY ;PASSEXEMPT=USER 
     :JOBSECURITY 

     JOB SECURITY IS LOW. PASSEXEMPT IS USER.

Suppose PASSEXEMPT is currently set to USER and you want to change it to
XACCESS. To do so, enter:

     :JOBSECURITY ;PASSEXEMPT=XACCESS 

Then check the current status by entering:

     :JOBSECURITY 
     JOB SECURITY IS LOW. PASSEXEMPT IS XACCESS.

If the HP Security Monitor is installed with both stream privilege and
authorization turned on, the JOBSECURITY command will display a warning
when the output produces a different result.

     :JOBSECURITY ;PASSEXEMPT=USER 
     Security Monitor is installed. Passexempt is MAX. (CIWARN 3128)

Related Information 

Commands      ABORTJOB, ALTJOB, BREAKJOB, RESUMEJOB, JOBFENCE

Manuals       Performing System Operation Tasks (32650-90137)

MPE/iX 5.5 Documentation