HP Distributed Print Service Administration Guide
Chapter 8 231
Managing DCE Security for HPDPS
Deciding Which Groups Your Organization Needs
Deciding Which Groups Your Organization
Needs
When you execute the pddcesetup command, the command creates two
DCE groups: pd_admin and pd_operator. By default, these groups have
permissions for every object in every HPDPS system you create. This
includes spoolers, supervisors, queues, logical and physical printers, and
other objects. The pd_admin group has read, write, and delete
permission, and the pd_operator group has read and write permission.
The pd_admin and pd_operator groups might be sufficient for your
needs. Members of these two groups can do all of the administrative and
operational work for your system. See “Giving Your DCE Groups
Permissions to HPDPS Objects” later for an explanation of how DCE
permissions work and for instructions on how to give DCE groups
permissions for HPDPS objects.
However, your organization might require different kinds of permissions
than are provided by these two groups. For example, you can create
groups that have some of the same permissions that these have, but to
fewer servers or other objects. Or you can give some individuals
permissions for specific HPDPS objects. In this way, you can allow people
to do certain tasks, such as modifying physical printers or using
restricted printers, without allowing those people to modify or use all of
the objects in the system. For instructions on how to create additional
DCE groups, see “Creating Additional Groups” in the next section. For
instructions on how to give a person an account with a DCE group, see
the appropriate DCE documentation.