Example
The following examples demonstrate how to restrict access to specific folders. Even with access to a folder, a user still needs additional rights to work with the objects defined in it. When submitting a job or job stream defined in a folder, use access is required on the workstation (cpu) where the job is defined, in addition to access to the folder and the objects it contains.
The HCL Workload Automation administrator can grant a user administrator permissions on a folder (ACL access), so that the user can freely assign access control lists to other users on the same folder or any sub-folders. Users can then access the objects in the folder or sub-folders. For more information about delegating administrator access to users and groups on a folder, see Granting administrator permissions to a user on a folder.
Examples
ACL access on the folder. With this access, Linda can create access control lists to grant access to the folder or sub-folders to other users with a predefined role. The following is the security file for Linda, the app1_admin user:
###########################################################
# Sample Security File
###########################################################
USER APPADMINofPRDAPP1 cpu=JUPITER+LOGON=app1_admin
begin
# OBJECT ATTRIBUTES ACCESS CAPABILITIES
# ---------- ------------ -------------------
job cpu=JUPITER + folder = "/PRD/APP1","/PRD/APP1/"
access=add,delete,display,modify,use,list,unlock
schedule cpu=JUPITER + folder = "/PRD/APP1","/PRD/APP1/"
access=add,delete,display,modify,use,list,unlock
folder name="/PRD/APP1","/PRD/APP1/"
access=add,delete,display,modify,use,list,unlock,acl
end
###########################################################
# Sample Security File
###########################################################
user jsmith cpu=JUPITER
begin
# OBJECT ATTRIBUTES ACCESS CAPABILITIES
# ---------- ------------ -------------------
job cpu=JUPITER + folder = /APPS/ access=@
schedule cpu=JUPITER + folder = /APPS/ access=@
cpu cpu=JUPITER+LOGON=jsmith access=use
folder name=/APPS/ access=add,delete,display,
modify,use,list,unlock,acl
folder name=/ access=add,delete,display,modify,use,list,unlock
end
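The following is an added example, not part of the original page or of the product's tooling: a small Python audit that reads security-file text in the syntax of the samples above and lists which user definitions hold acl access on which folder objects. The SAMPLE text (including the ops stanza) is constructed, the function name acl_grants is hypothetical, and treating access=@ as including acl is an assumption.

```python
import re

# Constructed sample in the syntax of the page's security files (not a real deployment).
SAMPLE = '''\
# OBJECT ATTRIBUTES ACCESS CAPABILITIES
USER APPADMINofPRDAPP1 cpu=JUPITER+LOGON=app1_admin
begin
job cpu=JUPITER + folder = "/PRD/APP1","/PRD/APP1/"
access=add,delete,display,modify,use,list,unlock
folder name="/PRD/APP1","/PRD/APP1/"
access=add,delete,display,modify,use,list,unlock,acl
end
user jsmith cpu=JUPITER
begin
folder name=/APPS/ access=add,delete,display,
modify,use,list,unlock,acl
folder name=/ access=add,delete,display,modify,use,list,unlock
end
user ops cpu=JUPITER
begin
folder name=/APPS/APP1/APP2 access=@
end
'''

STANZA = re.compile(r'(?ims)^\s*user\s+(\S+).*?^\s*begin\b(.*?)^\s*end\b')
# "folder name=" is the folder object; "folder=" on a job or schedule line is only an attribute.
FOLDER_OBJ = re.compile(r'(?i)\bfolder name=(\S+) access=(\S+)')

def acl_grants(text):
    """Map each user definition to the folder names on which it can assign ACLs."""
    grants = {}
    text = re.sub(r'(?m)^\s*#.*$', '', text)  # drop comment lines
    for stanza in STANZA.finditer(text):
        user, body = stanza.group(1), stanza.group(2)
        # Join continuation lines, then remove spaces around "=" and ",".
        body = re.sub(r'\s*([=,])\s*', r'\1', ' '.join(body.split()))
        for obj in FOLDER_OBJ.finditer(body):
            rights = {r.lower() for r in obj.group(2).split(',')}
            if rights & {'acl', '@'}:  # assumption: "@" includes acl
                names = [n.strip('"') for n in obj.group(1).split(',')]
                grants.setdefault(user, []).extend(names)
    return grants

if __name__ == '__main__':
    for user, folders in acl_grants(SAMPLE).items():
        print(f'{user}: acl on {", ".join(folders)}')
```

It handles only the folder object forms shown on this page (name= followed by access=, unquoted or quoted names without spaces).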
To grant a user access only to the root folder (/), you can omit specifying the folder object in the security file. This is the same behavior as in security files for releases prior to Version 9.5. After upgrading to Version 9.5, all of the objects are moved to the root folder, so if you continue to use your old security file which does not include the v95fp1 attribute or object (for example, for jobs, JOB CPU=@ ACCESS=ADD,ADDDEP,…,RERUN,SUBMIT,USE,LIST,UNLOCK), then users have access to only the root (/) folder by default.
folder name=/APPS/ access=add,delete,display,modify,use,list,unlock
folder name=/APPS access=add,delete,display,modify,use,list,unlock
folder name=/APPS/APP1 access=add,delete,display,modify,use,list,unlock
folder name=/APPS/ access=@
folder name=/APPS/APP1/APP2 access=@