User definition
The user names that are used as the streamlogon value
for Windows® job definitions must have user definitions.
This is not required for users who run jobs on other operating systems.
If you are using job types with advanced options,
you can use these values regardless of the operating system. For more
information, see Using user definitions on job types with advanced options.
Note: If you have the
enAddUser
global
option set to "yes", the user definition is
automatically added to the plan after you create or modify the user
definition in the database.Each user definition has the following format and arguments:
Syntaxusername[workstation#][domain\]username[@internet_domain]
password “passwordˮ
end
Arguments
- username
- [folder/] [workstation#]username
- [folder/]workstation
- Specifies the workstation on which the user is allowed to launch jobs and the folder where the workstation is defined, if any. The # symbol is required. The default is blank, meaning all workstations.
- username
- Specifies the name of the Windows user. The username field value can contain up to 47 characters.
- [folder/] [workstation#]domain\username
- [folder/]workstation
- Specifies the workstation on which the user is allowed to launch jobs and the folder where the workstation is defined, if any. The # symbol is required. The default is blank, meaning all workstations.
- domain\username
Specifies the name of the Windows domain user. The domain\username field value can contain up to 47 characters.
- [folder/] [workstation#]username@internet_domain
- [folder/]workstation
- Specifies the workstation on which the user is allowed to launch jobs and the folder where the workstation is defined, if any. The # symbol is required. The default is blank, meaning all workstations.
- username@internet_domain
Specifies the name of the user in User Principal Name (UPN) format. UPN format is the name of a system user in an email address format. The user name is followed by the at symbol followed by the name of the Internet domain with which the user is associated. The username@internet_domain field value can contain up to 47 characters.
Note:If you define a user for Windows operating systems:- User names are case-sensitive. Also, the user must be authorized to log on to the workstation on which IBM Workload Scheduler launches jobs, and have the permission to Log on as batch.
- If the user name is not unique, it is taken to mean a local user, a domain user, or a trusted domain user, in that order.
- password
- Specifies the user password. The password can contain up to 31 characters, and must be enclosed in double quotation marks. To indicate a null password, use two consecutive double quotation marks with no blanks in between, ". When a user definition has been saved, you cannot read the password. Users with appropriate security privileges can modify or delete a user, but password information is never displayed.
Examples
The following example
defines four users:
username joe
password "okidoki"
end
#
username server#jane
password "okitay"
end
#
username dom1\jane
password "righto"
end
#
username jack
password ""
end
#
username administrator@twsbvt.com
password "internetpwd"
end
#
username serverA#dom1\jack
password "righto"
end
#
username serverB#user1@twsbvt.com
password "internetpwd"
end
#
Comments
Passwords extracted
with the
composer extract
command are of limited
use. When you run the composer extract
command on
a user definition, the password is obfuscated with the "**********
"
reserved keyword. If you try running the composer import
, replace
,
or modify
commands on an extracted user password,
the password replacement has no effect and the old password is maintained.
Also, if you try running the composer create
, new
,
or add
commands on a user where the password equals
the "**********
" reserved keyword, the following
error is returned: AWSJCL521E The password specified for the Windows user "USER_NAME" does
not comply with password security policy requirements.
Note
that the reserved keyword is a string of ten asterisks (*). You cannot
enter a sequence of ten asterisks as a password, but you can have
a password with any other number of asterisks.To
fix this problem, make sure you run the composer extract
with
the ;password option.
See also
For more information about how to perform the same task from the Dynamic Workload Console, see: