|
|
Performing System Management Tasks: HP 3000 MPE/iX Computer Systems > Chapter 8 Allowing Access to the SystemAssigning capabilities |
|
Capabilities are privileges that can be assigned to users, accounts, groups, and programs. Capabilities specify what users can do on the system by implementing four types of control: user control, file control, program control, and resource control. These categories of control are not mutually exclusive. For example, DI is a capability to run certain diagnostic programs on the system. Although classified as a user-control capability, it also deals with program control. The system manager or account manager has the capability to assign these privileges or to take them away. The system manager can assign any privileges to anyone on the system. The account manager (the person accessing an account with account manager (AM) capability), can assign capabilities, not exceeding their own, to anyone in the account. The table below summarizes capabilities. The A, G, U, and P columns in indicate capabilities that can be allowed to the account (A), group (G), user (U), and program (P) entities. Table 8-2 Capabilities
When you create accounts, groups, and users, they each receive certain default capabilities:
You may assign accounts and users all of the capabilities, but you can assign groups and programs only BA, DS, IA, MR, PH, and PM capability. To assign capabilities to accounts, groups, users, and programs, use the NEWACCT, NEWGROUP, and NEWUSER commands. For example, if you are the system manager or the account manager of the PAYROLL account, enter the following to assign capabilities to a new user named GEORGE:
Alter capabilities for existing accounts, groups, and users with the ALTACCT, ALTGROUP, and ALTUSER commands. For example, to add the group librarian (GL) and account manager (AM) capabilities to your new user named GEORGE in the PAYROLL account, enter:
Or, you can add the GL and AM capabilities to his account by entering the command this way:
The NEWACCT, ALTACCT, NEWGROUP, and ALTGROUP commands have parameters that offer additional control over system resources. The following list defines the parameters for these commands:
For example, to limit the disk space the PAYROLL account can use, enter
You can have MPE/iX keep track of user events in a log file. A new log file begins automatically every time you reboot, but you can also start a new log file as necessary. To keep a certain type of log, you use the LOG configurator in SYSGEN to change its status to "ON". For more information, read chapter 5 of this manual. |
|