Specifying object attribute values
- Name (name)
- Specifies one or more names for the object type.
- For the Files (file) object type, the following values apply:
- globalopts
- Allows the user to set global options with the
optman
command. The following access types are allowed:- Display access for
optman ls
andoptman show
- Modify access for
optman chg
- Display access for
- prodsked
- Allows the user to create, extend, or reset the production plan.
- security
- Allows the user to manage the security file.
- Symphony
- Allows the user to run stageman and JnextPlan.
- trialsked
- Allows the user to create trial and forecast plans or to extend trial plans.
Note: Users who have restricted access to files should be given at least the following privilege to be able to display other object types that is, Calendars (calendar) and Workstations (cpu):file name=globalopts action=display
- For the Variable Tables (vartable) object type, you can use the $DEFAULT
value for the Name (name) attribute to indicate the default variable table.
This selects the table that is defined with the
isdefault
attribute.
- For the Files (file) object type, the following values apply:
- Workstation (cpu)
- Specifies one or more workstation, domain, or workstation class name. Workstations and workstation classes can optionally
be defined in a folder.
If this attribute is not specified, all defined workstations and domains can be
accessed. Workstation variables can be used:
- $MASTER
- The IBM Workload Scheduler master domain manager.
- $AGENTS
- Any fault-tolerant agent.
- $REMOTES
- Any standard agent.
- $THISCPU
- The workstation on which the user is running the IBM Workload Scheduler command or program.
If you use the composer command line to define security domains, the following syntax applies:cpu=[folder/]workstation]...
- folder=foldername
- Scheduling objects such as, jobs, job streams, and workstations, to name a few, can be defined in a folder. A folder can contain one or more scheduling objects, while each object can be associated to only one folder. The default folder is the root folder (/).
- cpufolder=foldername
- The folder within which the workstation or workstation class is defined.
- Custom (custom)
-
Use this attribute to assign access rights to events defined in event plug-ins. The precise syntax of the value depends on the plug-in. For example:
- Specify different rights for different users based on SAP R/3 event names when defining event rules for SAP R/3 events.
- Define your own security attribute for your custom-made event providers.
- Specify the type of event that is to be monitored. Every event can refer to an event provider.
If you use composer command line to define security domains, the following syntax applies:custom=value[,value]...
- JCL (jcl)
- Specifies the command or the path name of a job object's executable file. If
omitted, all defined job files and commands qualify.
You can also specify a string that is contained in the task string of a JSDL definition to be used for pattern matching.
If you use composer command line to define security domains, the following syntax applies:jcl="path" | "command" | "jsdl"
- JCL Type (jcltype)
- Specifies that the user is allowed to act on the definitions of jobs that run only
scripts (if set to scriptname) or commands (if set to
docommand). Use this optional attribute to restrict user
authorization to actions on the definitions of jobs of one type only. Actions are
granted for both scripts and commands when JCL Type (jcltype) is
missing.
A user who is not granted authorization to work on job definitions that run either a command or a script is returned a security error message when attempting to run an action on them.
If you use composer command line to define security domains, the following syntax applies:jcltype=[scriptname | docommand]
- Logon (logon)
-
Specifies the user IDs. If omitted, all user IDs qualify.
You can use the following values for the Logon (logon) attribute to indicate default logon:- $USER
- Streamlogon is the conman/composer user.
- $OWNER
- Streamlogon is the job creator.
- $JCLOWNER
- Streamlogon is the OS owner of the file.
- $JCLGROUP
- Streamlogon is the OS group of the file.
If you use composer command line to define security domains, the following syntax applies:logon=username[,username]...
- Provider (provider)
-
For Actions (action) object types, specifies the name of the action provider.
For Events (event) object types, specifies the name of the event provider.
If Provider (provider) is not specified, no defined objects can be accessed.
If you use composer command line to define security domains, the following syntax applies:provider=provider_name[,provider_name]...
- Type (type)
-
For Actions (action) object types, is the
actionType
.For Events (event) object types, is the
eventType
.For Workstations (cpu) object types, the permitted values are those used in composer or the Dynamic Workload Console when defining workstations, such asmanager
,broker
,fta
,agent
,s-agent
,x-agent
,rem-eng
,pool
,d-pool
,cpuclass
, anddomain
.Note: The valuemaster
, used in conman is mapped against themanager
security attributes.If Type (type) is not specified, all defined objects are accessed for the specified providers (this is always the case after installation or upgrade, as the type attribute is not supplied by default).
If you use composer command line to define security domains, the following syntax applies:type=type[,type]...
- Host (host)
- For Actions (action) object types, specifies the TEC or SNMP host name (used
for some types of actions, such as sending TEC events, or sending SNMP). If it does
not apply, this field must be empty.If you use composer command line to define security domains, the following syntax applies:
host=host_name
- Port (port)
- For Actions (action) object types, specifies the TEC or SNMP port number
(used for some types of actions, such as sending TEC events, or sending SNMP). If it
does not apply, this field must be empty.If you use composer command line to define security domains, the following syntax applies:
port=port_number