HP Distributed Print Service Administration Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

231

232

233

234

235

236

237

238

239

240

238 Chapter8

Managing DCE Security for HPDPS

Giving Your DCE Groups Permissions to HPDPS Objects

directory also are created automatically for every supervisor when it is

created. A printer directory (for logical printers) is created

automatically for every spooler when the spooler is created. A queue

directory, other directory, and log directory also are created

automatically for every spooler when it is created.

There is one very important difference between the way that DCE

permissions and UNIX permissions work. With DCE, you can choose not

only to set the permissions for a given object entry, but also to set the

permissions for all the objects that an entry will eventually contain, if

the entry will contain objects. The permissions propagate downward.

Understanding How DCE Permissions Propagate

Downward

Before an HPDPS object exists, you can set the initial, or default,

permissions that it will grant after it has been created. Depending on

which type of HPDPS objects you are setting permissions for, and how

much of your HPDPS system already exists, you will set permissions

either at the/.:/pdsec directory or at the sub-directories and ﬁles

contained within this directory.

For example, suppose that you want to set permissions for all of the

physical printers in the supervisor Super203. Rather than setting the

permissions of each physical printer individually, you can set them all at

one time by setting the initial object (IO) permissions of the

/.:/pdsec/Super203/printer directory. When you have done this, any

physical printers that you subsequently create in the supervisor

Super203 will grant the new permissions.

Propagation only works on objects and directories that have not yet been

created. To make an effective change, you must set permissions at the

lowest directory level in existence for the objects with which you are

working.

Consider the physical printer PhysPrt1 shown previously in

“Understanding Where HPDPS Security Information is Stored”. The

DCE namespace entry for this physical printer is:

/.:/pdsec/Super203/printer/PhysPrt1

This namespace entry for the physical printer came into existence at the

moment you created the printer. Since the namespace entry exists, if you

now set permissions on the /.:/pdsec/Super203/printer directory,