Manualshelf

HP Distributed Print Service Administration Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU
231232233234235236237238239240
Chapter 8 235
Managing DCE Security for HPDPS
Creating Additional Groups
an entry from an object ACL, see “Taking Away All Permissions
That any_other and unauthenticated Have to an HPDPS Object”
later.
3. Create a DCE group and give the group read permission for the
logical printer.
4. Give an account to each person who will use the logical printer and
add them to the group. When logged in to DCE, members of the group
can submit jobs to that logical printer.
Restricting Functions of a Printer Device
Use this section to allow one group of users use of all the functions of a
printer device, and allow everyone else use of only a selection of
functions.
1. Configure your system so that only restricted logical printers sending
output to the device support all of the printer-device functions.
a. To restrict the logical printers that will support all the functions,
use the pdset command to set the value of the authorize-jobs
attribute for each logical printer to yes. This restricts a logical
printer so that it only accepts print requests from those users who
are logged in to DCE.
b. Then you can restrict the logical printers so that they only accept
print requests from those users who are both logged in to DCE and
belong to a DCE group with explicit read permission for the
logical printer. To do this, use the acl_edit command to remove
any_other and unauthenticated from the ACL for the logical
printer. This prevents all users who are simply logged in to DCE
from having read permission for the logical printer. For
instructions on removing an entry from an object ACL, see
“Taking Away All Permissions That any_other and
unauthenticated Have to an HPDPS Object” shortly.
c. You can also remove the permissions that the logical printer
grants by default to the pd_admin and pd_operator groups. If you
do so, be sure to add one or more new groups to take the place of
these two default groups.
2. When a logical printer is restricted, to allow a person to use it, create
a DCE group and give the group read permission for the logical
printer. Then give an account to each person who will use the printer