LISTSERV - HP3000-L Archives

HP3000-L Archives

September 2009, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L September 2009, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Restrict access
From:	Gilles Schipper <[log in to unmask]>
Reply To:	Gilles Schipper <[log in to unmask]>
Date:	Fri, 25 Sep 2009 22:10:23 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (109 lines)

Actually, not quite.

Giving the user and group GL capability would be the right solution 
ONLY if the user OPERATOR.AIS had FILES as his/her home group.

Once a user strays from his/her home group, he/she loses GL capability.

So, rather than use GL for the purpose of restricting access, AL 
could appropriate.

However, if any other user in the account had AL capability, they too 
would have access to the files in the FILES group.

Of course, any user with AM or SM capability would have unlimited 
access to any file in any group of the account.

So, in Reggie's specific case, GL would work as long as OPERATOR's 
home group is FILES.

Or, if that's not the case, changing GL to AL in the given ALTUSER 
and ALTGROUP commands would serve the purpose - as long as no other 
user in the account (other than the account manager who cannot be 
restricted in any case) has AL capability.

If that too is not the case, I cannot think of a way to so narrowly 
restrict access to a group of files to a specific user.

Hope that makes sense.

At 09:51 PM 2009-09-25, Olav Kappert wrote:
>Reggie:
>
>Yes if I understand the question right.
>
>This is done through access rights.
>
>Use altgroup, altacct  to set them up the way you want (;ACCESS= 
>r,l,a,w,x,s:any,ac,gu,al,gl,cr) depending on the alt type and 
>altuser (;cap=sm,am,al,gl,di,op) depending on the level of access 
>you want the user to have.
>
>ALTGROUP FILES.AIS;ACCESS=r,l,a,w,x,s:GL
>ALTUSER OPERATOR.AIS;CAP=GL,OP and any other capabilities you want
>
>Hope this is of some help.
>
>With MPEX, alot more can be done.
>
>Olav Kappert
>IOMIT International
>http://IOMIT.UnitedStates.com
>
>
>Reggie Monroe wrote:
>
>>Is there a way to restrict access to only a certain user within an 
>>account. For example I would only like user OPERATOR.AIS to have 
>>access to everything in the FILES.AIS group and account.
>>
>>[cid:image005.jpg@01CA3E0B.CA79C220]
>>
>>Reginald C. Monroe Jr | Sr. Systems Administrator |  Mercury Insurance
>>555 W. Imperial Hwy. Brea, CA 92821
>>(714) 671-6753 Direct  (714) 671-6541 Fax
>>www.mercuryinsurance.com<http://www.mercuryinsurance.com>
>>
>>
>>
>>
>>This email and/or any files or attachments transmitted with it are 
>>confidential and intended solely for the use of the individual or 
>>entity to whom they are addressed, and may contain information that 
>>is privileged, confidential and exempt from disclosure under 
>>applicable law. If you are not the intended recipient, or the 
>>employee or agent responsible for delivering the message to the 
>>intended recipient, you are hereby notified that any dissemination, 
>>distribution or copying of this e-mail and/or any files or 
>>attachments transmitted with it is strictly forbidden. If you have 
>>received this email in error, please delete the e-mail and/or any 
>>files or attachments, and also notify the system manager 
>>([log in to unmask]) of the error. Please note that 
>>any views or opinions presented in this email are solely those of 
>>the author and do not necessarily represent those of the company. 
>>Finally, the recipient should check this email and any attachments 
>>for the presence of viruses. The company accepts no liability for 
>>any damage caused by any virus transmitted by this email and/or any 
>>files or attachments transmitted with it.
>>
>>
>>* To join/leave the list, search archives, change list settings, *
>>* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>>
>>
>
>* To join/leave the list, search archives, change list settings, *
>* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

-------------------------------------------------------------------------------------------------
Gilles Schipper
GSA Inc.
HP System Administration Specialists
300 John Street, Box 87651   Thornhill, ON Canada L3T 7R4
Voice: 416.702.7900     Fax: 905.889.3001
email:  [log in to unmask]  web: http://www.gsainc.com
-------------------------------------------------------------------------------------------------

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU