HP Distributed Print Service Administration Guide
Chapter 8 229
Managing DCE Security for HPDPS
Determining Appropriate DCE Permissions for HPDPS User Groups
Determining Appropriate DCE Permissions
for HPDPS User Groups
This section discusses examples of four different categories of users who
need different kinds of permission for HPDPS objects. In the examples,
you will see how to give each category the minimum permissions
necessary to do a given job.
Administrators This group needs to be able to create, delete, and
modify the objects for which they are responsible in the
printing network. To do this, they must have read,
write and delete permission for the objects. The
default pd_admin group, which is created by the
pddcesetup command, already has these permissions
for all HPDPS objects. See “Deciding Which Groups
Your Organization Needs” next for an explanation of
how the default groups were created and how they
received their permissions.
System Operators This group needs to be able to manage jobs and assist
users. The operator must have read and write
permission for the physical printer. If the operator will
be assisting with jobs that are retained in the spooler,
the operator must have read and write permission for
the spooler. The default pd_operator group, which is
created by the pddcesetup command, already has read
and write permission for all HPDPS objects in your
system, including all queues, physical printers, and
spoolers.
Printer Operators This group loads media and other supplies into the
printer devices they support. To make a physical
printer accurately reflect the state of its printer device,
a printer operator needs to be able to set the physical
printer attributes, such as job-size-range-ready.To
set physical printer attributes, the operator must have
read and write permission for the physical printer.
The default pd_operator group, which is created by
the pddcesetup command, alreadyhas read and write
permission for all HPDPS objects in your system,
including all physical printers.