HP 3000 Manuals HP 3000 Manuals
ALLOW
Grants a user access to a specific operator command.
Syntax
ALLOW FILE=formaldesignator[;SHOW] ALLOW
[@.@ ]
[user.@ ];COMMANDS=command[,command,...]
[@.acct ]
[user.acct]
Parameters
formal- designator An ASCII file name, which may consist of one to
eight alphanumeric characters, beginning with an
alphabetic character. It may be fully or partially
qualified and may be back-referenced in a file
equation.
SHOW Lists input lines on $STDLIST.
@.@ Grants access to all users whether logged on or
not.
user.@ Grants access to a specific user in all accounts.
@.acct Grants access to all users in a specific account.
user.acct Grants access to a specific user in a specific
account.
command The names of those commands to which the user is
granted access.
Operation Notes
The operator uses the ALLOW command to distribute specific operator
commands to system users. ALLOW specifies which users may execute
operator commands, and which commands they may execute.
You may specify an indirect file with the ALLOW command, or you may
execute ALLOW in subsystem mode. Each of these is explained below.
Using an indirect file to allow commands
To allow commands via an indirect file, you create a file that contains
records identifying the users and accounts to whom you are allowing
operator commands, followed by the list of commands allowed.
Using an indirect file with the ALLOW command is particularly convenient
for system administrators since, once you make the file, you can reuse it
to disallow the set of commands (via the DISALLOW command) or to allow
the same set of commands again.
Here is an example of an indirect file:
EDITOR
HP32201A.07.17 EDIT/3000 TUES, MAY 29, 1994, 5:08 PM
(C) HEWLETT-PACKARD CO. 1985
/ADD
1 SUSAN.PAYROLL;COMMANDS=ALTJOB,ALTSPOOLFILE
2 JOHN.ACCTNG;COMMANDS=ALTJOB,DELETESPOOLFILE
3 //
...
/KEEP ALLOWTMP
/E
Once you create an indirect file, you then issue the ALLOW command, using
the ;SHOW parameter to display each command line as it is executed from
the file. For example:
ALLOW FILE=ALLOWTMP;SHOW
You may backreference the file with a file equation as follows:
FILE BACKF=ALLOWTMP
ALLOW FILE=*BACKF;SHOW
If the file has a lockword, enter it in the command line after the
filename. For example, "ALLOWTMP/password".
Using ALLOW in subsystem mode
To use the ALLOW command in subsystem mode, following these steps:
1. Enter ALLOW, followed by Return.
2. At the prompt (>), enter all of the commands you want to allow.
3. When you finish, press Return and enter a colon : as the first
character of the new line. (You may also type EXIT.)
You cannot use the FILE= parameter in subsystem mode. The ALLOW
subsystem will terminate if it encounters an error.
You may allow commands only to users who are currently logged on unless
you specify the @.@ option, which allows commands to all users. (Since
this option has obvious disadvantages, you can remedy the situation by
then issuing a DISALLOW command to disallow command use to selected
users.)
Additional capabilities granted to a user are valid only for the duration
of their current session. Once the user logs off, any special
capabilities previously assigned are no longer applicable.
To determine which operator commands have been allowed globally (that is,
using the @.@ construct), or to a specific user, use the SHOWALLOW
command.
NOTE Do not confuse console commands--which are NOT allowable--with
operator commands. Operator commands are used in the day-to-day
operation of your system and are generally allowable. A console
command must be executed on the actual system console and must be
preceded by cntl-A. Some console commands have the same name as
non-console commands, an example is RECALL, which may be executed
on any device.
The following is a list of commands that may be allowed.
ABORTIO HEADON RESUMESPOOL
ABORTJOB JOBFENCE SHUTQ
ACCEPT JOBSECURITY STARTSPOOL
ALLOW LDISMOUNT STOPSPOOL
ALTJOB LIMIT STREAMS
ALTSPOOLFILE LOG UP
CONSOLE MRJECONTROL VMOUNT
DELETESPOOLFILE OPENQ VSCLOSE
DISALLOW OUTFENCE VSOPEN
DISCRPS REFUSE VSRELEASESYS
DOWN REPLY VSRESERVESYS
DOWNLOAD RESUMEJOB WARN
HEADOFF SPOOLER WELCOME
Use
You may issue this command from a session, job, program, or in BREAK.
Pressing Break will terminate subsystem mode and produce an error message
but has no effect on commands already entered in subsystem mode. This
command is executable only from the console unless distributed to users
with the ALLOW command.
Examples
To give the user USER.TECH the ability to execute the REPLY and ABORTIO
commands, you would enter the following at the system console:
ALLOW USER.TECH;COMMANDS=REPLY,ABORTIO
In subsystem mode, to give the user MGR.MANUALS the ability to execute
the BREAKJOB command, you would enter the following at the system
console:
ALLOW
>MGR.MANUALS;COMMANDS=BREAKJOB
>EXIT
Related Information
Commands DISALLOW, SHOWALLOW
Manuals Performing System Operation Tasks (32650-90137)