Security considerations for Workload Manager

Edit online

To assign a process to a class or to cancel a prior manual assignment, the user must have authority both on the process and on the target class.

These constraints translate into the following rules:

  • The root user can assign any process to any class.
  • A user with administration privileges on the subclasses of a given superclass (that is, the user or group name matches the user or group names specified in the attributes adminuser and admingroup of the superclass) can manually reassign any process from one of the subclasses of this superclass to another subclass of the superclass.
  • Users can manually assign their own processes (ones associated with the same real or effective user ID) to a subclass for which they have manual assignment privileges (that is, the user or group name matches the user or group names specified in the attributes authuser and authgroup of the superclass or subclass).

To modify or terminate a manual assignment, users must have at least the same level of privilege as the person who issued the last manual assignment.