HP Distributed Print Service Administration Guide
234 Chapter8
Managing DCE Security for HPDPS
Creating Additional Groups
Permissions to HPDPS Objects” later for an explanation of how to do
this.
Planning a Group for People Who Will Use Restricted
Printers
This section discusses two ways you canuse DCE to restrict printers.You
can:
• restrict all use of a particular printer device to a special group of
users, such as managers who need to print confidential employee
information
• restrict certain functions of a printer device, such as one-sided
printing, to certain users
Together, HPDPS and DCE provide considerable flexibility in ways you
can restrict assess to physical printers and their features.
Restricting Access to a Printer Device
Use this section to restrict all use of a printer device to a particular
group of users.
1. Restrict each logical printer sending jobs to the physical printer
representing the device so that it only accepts print requests from
those users who are logged in to DCE. To do this, use the pdset
command to set the value of the authorize-jobs attribute for each
logical printer to yes. Now users who are not logged in to DCE or who
print from other platforms, cannot submit jobs to the logical printer
or printers.
2. Restrict each logical printer so that it only accepts print requests
from those users who are both logged in to DCE and belong to a DCE
group with explicit read permission for the logical printer. To do this:
a. Use the acl_edit command to remove any_other and
unauthenticated from the access control list (ACL) for the logical
printer. This prevents all users who are simply logged in to DCE
from having read permission for the logical printer.
b. If you wish, you can also remove the permissions that the logical
printer grants by default to the pd_admin and pd_operator
groups. If you do so, be sure to add one or more new groups to take
the place of these two default groups. For instructions on removing