Technical data
4.2 Authorization
Advanced Printing Software authorization is based on associating a user
with a privilege level. There are three user levels defined for print system
users:
• End user — A user that only prints through the print system. This is
the least privileged user.
• Operator — A user that controls the printers in a facility. Operators have
privileges that allow them to pause and resume printers and servers,
requeue jobs, and shut down servers.
• Administrator — A user that has the operator privileges and those
required to configure the system.
The print system also grants privileges to the local root account. This is the
root account (UID 0) on the system where the print system server is running.
The local root user has administrator privileges regardless of what is defined
in an ACL, and local root is the only user that has the authorization required
to start a server.
4.2.1 End User Operations
If the client for a print system request has been granted end user
authorization, the client can perform the following operations:
• Print on a logical printer that is associated with a server where the user
has access rights.
• Resubmit a job that the user owns, provided that it is being resubmitted
through a server where the client has access rights.
• Cancel jobs that the user owns.
• List
(pdls) operations on servers, queues, and printers.
• List (pdls) operations on jobs and documents that the user owns.
• Set or modify attributes on a job that the user owns.
• List (pdq) job queue operations. However, the print system limits the
attributes returned for jobs not belonging to the user to those in the
server job-attributes-visible-to-all list.
4.2.2 Operator Operations
Print system operators perform day-to-day printer and job management
functions. If a client for a print system operation has been granted operator
authorization, the client can perform all of the end user operations as well
as the following:
• Remove print jobs from a (pdclean) a server or queue.
4–2 Managing Security