HP 3000 Manuals HP 3000 Manuals
ALLOW
The ALLOW command enables the system administrator to permit one or more
users to enter one or more operator commands. The ALLOW command
specifies which users can enter operator commands, and specifies which
commands these users can enter.
Syntax
Interactive and subsystem mode:
[@.@ ]
ALLOW [@.acct ];COMMANDS=command[,command,...]
[user.@ ]
[user.acct]
Program mode:
ALLOW FILE=formaldesignator[;SHOW]
Parameters
@.@ Gives access to all users whether or not they are
logged on.
@.acct Gives access to all users logged on to a specific
account.
user.@ Gives access to a specific user logged on to any
account.
user.acct Gives access to a specific user logged on in a
specific account.
COMMANDS Specifies the names of the console commands that
the user(s) can access.
FILE Specifies an ASCII file name, formaldesignator,
that consists of from one to eight alphanumeric
characters, beginning with an alphabetic character.
The formaldesignator can be fully or partially
qualified and can be backreferenced in a file
equation.
SHOW Lists input lines to $STDLIST.
Operation Notes
* Usage
You can enter this command from a session, a job, a program, or in
break mode. Pressing Break terminates subsystem mode and produces
an error message, but does not affect commands already entered in
subsystem mode.
This command can only be entered from the console, unless your
system administrator has used the ALLOW command, which permits you
to enter this command.
You can only allow commands to users currently logged on unless
you use the @.@ parameter. Remember, however, that this parameter
allows commands to all users. An alternative would be to use the
ALLOW command with the @.@ parameter, then use the DISALLOW
command to disallow commands to selected users.
Additional commands that you allow for users are valid only for
the duration of their current session. When a user logs off and
then back on to the system, the previously allowed commands are no
longer available until they are allowed again.
* Command modes
The ALLOW command enables you to enter the command in one of three
modes:
* interactive
* subsystem
* program
When using interactive mode, you enter the entire command along
with the desired parameters as shown in syntax and press Return.
Subsystem mode is similar, except you just enter the ALLOW command
and then provide the remaining parameters after the subsystem
prompt (>) appears. The subsystem accepts command parameters
until you enter the EXIT or END command.
Program mode is beneficial from an administrative perspective,
because you can create a customized file granting specific
permissions that you do not have to alter, unless desired. When
using program mode, you first create a file that:
* Identifies the users and accounts that are permitted to use
operator commands.
* Lists the allowed commands.
Then you enter the ALLOW command, using the SHOW parameter to
display each command line as it executes from the file.
Refer to "Examples" for examples of all three modes.
* Console commands versus operator commands
Console commands function differently from operator commands.
Console commands are not allowable, must be entered on the actual
console (usually configured as LDEV 20), and must be preceded by
CtrlA. Some console commands have the same name as non-console
commands, such as RECALL, which can be entered on any device.
Operator commands are generally used in the daily operation of
your system and are generally allowable.
* Allowable commands
You can allow up to 19 of the following commands at a time in
interactive and subsystem modes. If you need to specify more than
19 commands, use program mode.
ABORTIO HEADON RESUMESPOOL
ABORTJOB JOBFENCE SHUTQ
ACCEPT JOBSECURITY STARTSPOOL
ALLOW LDSMOUNT STOPSPOOL
ALTJOB LIMIT STREAMS
ALTSPOOLFILE LOG UP
CONSOLE MRJECONTROL VMOUNT
DELETESPOOLFILE OPENQ VSCLOSE
DISALLOW OUTFENCE VPOPEN
DISCRPS REFUSE VSRELEASESYS
DOWN REPLY VSRESERVESYS
DOWNLOAD RESUMEJOB WARN
HEADOFF SPOOLER WELCOME
Not all of these commands are described in this chapter. For
information about commands not described in this chapter, use the
Help Facility.
Before allowing any users access to these commands, you should
enter the SHOWALLOW command to determine which operator commands
have already been allowed.
Examples
* In interactive mode, to allow a user named USER.TECH to enter the
REPLY and ABORTJOB commands, enter the following command at the
console:
:ALLOW USER.TECH;COMMANDS=REPLY,ABORTJOB
* In subsystem mode, to allow a user named MGR.MANUALS to enter the
BREAKJOB command, enter the following command sequence at the
console:
:ALLOW
>MGR.MANUALS;COMMANDS=BREAKJOB
>EXIT
* In program mode, to allow the users named SUSAN.PAYROLL and
JOHN.ACCTNG to enter the LIMIT command, do the following:
1. Execute the EDITOR command, create a program file, and save
it to ALLOWTMP, as shown:
:EDITOR
HP32201A.07.17 EDIT/3000 WED, MAY 8, 1991, 3:02 PM
(C) HEWLETT-PACKARD CO. 1990
/ADD
1 SUSAN.PAYROLL;COMMANDS=LIMIT
2 JOHN.ACCTNG;COMMANDS=LIMIT
3 //
...
/K ALLOWTMP
/E
2. Execute the ALLOW command using the SHOW parameter, if
desired, to display each command line as it executes from
the file:
:ALLOW FILE=ALLOWTMP;SHOW
* You can also include a lockword for the file, if
any, as shown:
:ALLOW FILE=ALLOWTMP/LOCKWORD;SHOW
* You can backreference the file with a file equation,
as shown:
:FILE BACKF=ALLOWTMP
:ALLOW FILE=*BACKF;SHOW
Related Commands
CONSOLE
DISALLOW
SHOWALLOW