Users logged into the sys group on the master domain manager
user masterop cpu=$master + group=sys
###########################################################
# APPLIES TO USERS LOGGED INTO THE SYS GROUP ON THE
# MASTER DOMAIN MANAGER.
user masterop cpu=$master + group=sys
begin
# OBJECT ATTRIBUTES ACCESS CAPABILITIES
# ---------- ------------ ----------------------
job cpu=@ + logon="TWS_domain\TWS_user"
+ folder = / access=@
job cpu=@ + logon=root + folder = /
+ cpufolder = /
access=adddep,altpri,cancel,confirm,
deldep,release,reply,rerun,submit,use
job cpu=@ + logon=@ ~ logon=root + folder = /
+ cpufolder = /
access=add,adddep,altpri,cancel,confirm,deldep,
release,reply,rerun,submit,use
schedule cpu=$thiscpu + folder = / + cpufolder = / access=@
schedule cpu=@ + folder = / + cpufolder = /
access=adddep,altpri,cancel,
deldep,limit,release,submit
resource + folder = / access=add,display,resource,use
file name=globalopts access=display
file name=prodsked access=display
file name=symphony access=display
file name=trialsked access=build, display
calendar + folder = / access=display,use
cpu cpu=@ + folder = / access=@
parameter name=@ ~ name=r@ + folder = / access=@
report name=RUNHIST,RUNSTATS access=display
wkldappl name=@ + folder = / access=add,delete,display,modify,list,unlock
lob name=@ access=use
folder name=/ access=@
end
This user definition applies to users logged into the sys group
on the master domain manager.
They are given a unique set of access capabilities. Multiple object
statements are used to give these users specific types of access to
different sets of objects. For example, there are three job statements:
- The first job statement permits unrestricted access to jobs that run on any workstation (@) under the user's name (TWS_domain\TWS_user).
- The second job statement permits specific types of access to jobs that run on any workstation and that run as root.
- The third job statement permits specific types of access to jobs that run on any workstation. Jobs that run as root are excluded.