Technical data
• Enable or disable a server, queue, or printer.
• Pause or resume a server, queue, physical printer, or any job.
• Promote a job.
• Set or modify
xxx–ready attributes.
• Shut down a spooler or supervisor.
4.2.3 Administrator Operations
Some print system installations might not have operators, but instead might
have only end users and administrators. In these cases, the administrators
perform the day-to-day print and job management functions.
If a client for a print system request has been granted the administrator
authorization, that client can perform the following operations:
• Every operation that an operator is authorized to perform.
• Set (pdset) all read and write attributes of all objects.
• Create servers, queues, printers, initial-value-jobs, and
initial-value-documents.
• Delete (pddelete) any object.
4.3 Authentication by Access Control Lists
The operations that end users, operators, and administrators are
authorized to perform are controlled by Access Control Lists (ACLs). These
authorizations and the ACLs control access only to server objects. ACLs do
not limit a user’s access to a particular printer.
ACLs are created by defining the access-control-list attribute for
servers. This attribute is multivalued and can be defined when a server is
created (pdmakedb) or at any time with the pdset command or through
the GUI. In most cases, you will not define all your ACL attributes when you
create a server but will add attributes after the server has been created.
Table 4–1 describes the fields of the access-control-list attribute.
Table 4–1: access-control-list Attribute Fields
Field Description
name
user name and host name (optional)
name-type
Type of user:
all-users
user
group
Managing Security 4–3