Specifying object attribute values

The following describes the values allowed for each object attribute type:
name=name[,name]...
Specifies one or more names for the object type. Wildcard characters are permitted. Multiple names must be separated by commas.
  • The following values apply to the file object type:
    globalopts
    Allows the user to set global options with the optman command. Gives the following access types:
    • Display access for optman ls and optman show
    • Modify access for optman chg
    prodsked
    Allows the user to create, extend, or reset the production plan.
    security
    Allows the user to manage the security file.
    Symphony
    Allows the user to run stageman and JnextPlan.
    trialsked
    Allows the user to create trial and forecast plans or to extend trial plans.
    Note: Users who have restricted access to files should be given at least the following privilege to be able to display other objects (ie. calendars and cpus): 
    file  name=globalopts  access=display
  • For the event object type use one or more of the event type names listed in the TWSObjectsMonitor events table or the FileMonitor events table in the HCL Workload Automation: User's Guide and Reference.
  • For the action object type use one or more of the action type names listed in the table Action types by action provider in the HCL Workload Automation: User's Guide and Reference.
  • For the vartable object type, you can use the $DEFAULT value for the name attribute to indicate the default variable table. This selects the table defined with the isdefault attribute.
cpu=workstation + folder=foldername
Specifies one or more workstation, domain, or workstation class names. Workstations and workstation classes can optionally be defined in a folder; if defined, the folder can be specified in the folder attribute.Wildcard characters are permitted. Multiple names must be separated by commas. If this attribute is not specified, all defined workstations and domains can be accessed. Workstation variables can be used - see Using variables in object attribute definitions.
folder=foldername
Scheduling objects such as, jobs, job streams, and workstations, to name a few, can be defined in a folder. A folder can contain one or more scheduling objects, while each object can be associated to only one folder. The default folder is the root folder (/).
cpufolder=foldername
The folder within which the workstation or workstation class is defined.
custom=value[,value]...
Use this attribute to assign access rights to events defined in event plug-ins. The precise syntax of the value will depend on the plug-in. For example:
  • Specify different rights for different users based on SAP R/3 event names when defining event rules for SAP R/3 events.
  • Define your own security attribute for your custom-made event providers.
  • Specify the type of event that is to be monitored. Every event can be referred to an event provider.
jcl="path" | "command" | "jsdl"
Specifies the command or the path name of a job object's executable file. The command or path must be enclosed in double quotation marks (" "). Wildcard characters are permitted. If omitted, all defined job files and commands qualify.

You can also specify a string contained in the task string of a JSDL definition to be used for pattern matching. Ensure that the string begins and ends with the @ wildcard character and that it is entirely enclosed in double quotation marks as follows: "@my_string>@".

jcltype=[scriptname | docommand]
Specifies that the user is allowed to act on the definitions of jobs that run only scripts (if set to scriptname) or commands (if set to docommand). Use this optional attribute to restrict user authorization to actions on the definitions of jobs of one type or the other only. Actions are granted for both scripts and commands when jcltype is missing.

A user who is not granted authorization to work on job definitions that run either a command or a script is returned a security error message when attempting to run an action on them.

logon=username[,...]

Specifies the user IDs. Wildcard characters are permitted. Multiple names must be separated by commas. If omitted, all user IDs qualify.

The user ID can be a Windows domain user or an internet domain user and must be defined in one of the following formats:
domain\user name
The user belongs to a Windows domain. Insert the escape character '\' before the '\' character in the domain\user name value. For example if you use the MYDOMAIN\user1 value in the logon field, in the Security file you have the following line:
..............
logon=MYDOMAIN\\user1
...............
user name@internet_domain

The user belongs to an internet domain. The user name is in User Principal Name (UPN) format. UPN format is the name of a system user in an email address format. The user name is followed by the "at sign" followed by the name of the Internet domain with which the user is associated.

Insert the escape character '\' before the '@' character in the user name@internet_domain value. For example if you use the administrator@bvt.com value in the logon field, in the Security file you have the following line:
..............
logon=administrator\@bvt_env.com
...............
provider=provider_name[,...]

For action object types, specifies the name of the action provider.

For event object types, specifies the name of the event provider.

Wildcard characters are permitted. Multiple names must be separated by commas. If provider is not specified, no defined objects can be accessed.

type=type[,...]

For action object types, is the actionType.

For event object types, is the eventType.

For cpu object types, the permitted values are those used in composer or the Dynamic Workload Console when defining workstations, such as manager, broker, fta, agent, s-agent, x-agent, rem-eng, pool, d-pool, cpuclass, and domain.
Note: The value master, used in conman is mapped against the manager security attributes.

Wildcard characters are permitted. Multiple names must be separated by commas. If type is not specified, all defined objects are accessed for the specified providers (this is always the case after installation or upgrade, as the type attribute is not supplied by default).

host=host_name
For action object types, specifies the TEC or SNMP host name (used for some types of actions, such as sending TEC events, or sending SNMP). If it does not apply, this field must be empty.
port=port_number
For action object types, specifies the TEC or SNMP port number (used for some types of actions, such as sending TEC events, or sending SNMP). If it does not apply, this field must be empty.