HP Distributed Print Service Administration Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

241

242

243

244

245

246

247

248

249

250

242 Chapter8

Managing DCE Security for HPDPS

Giving Your DCE Groups Permissions to HPDPS Objects

default_error log object, which represents the error log for the

supervisor.

The Spool6 entry also is a DCE container that contains the queue

container in addition to the other containers for supervisor entries (none

are shown). The printer directory contains the entries for the logical

printer objects contained in the spooler, and the queue directory contains

the entries for the queue objects. The log directory contains the entry for

the default_error log object, which represent the error log for the

spooler. The other directory contains the entries for the initial value job

and initial value document objects contained in the spooler. The object

ACLs for theseobjects are inherited from theIO ACLs oftheir containers

and are propagated from the/.:/pdsec branch through the

intermediary containers.

Because HPDPS creates the containers inside a server entry at the same

moment that you create a server, to set default permissions for all the

objects in a server at one time you must work at the level of the

/.:/pdsec directory before you create the server.

Edit the/.:/pdsec directory IO and IC permissions, then create the

servers. After you have created all the servers that will grant that

particular set of permissions, remove those permissions from the IO and

IC ACLs of the/.:/pdsec directory. This prevents servers created at a

later time from also granting those same permissions.

For example, suppose in your organization there are several distinct

groups of people who use different printers and have different support

needs. In this case, rather than using the pd_operator group for all your

HPDPS system operators, you might want to have several different

HPDPS system operator groups. Each different HPDPS system operator

group could work with a deﬁned set of queues, logical printers, physical

printers and so on, to support the needs of the people who are the most

common users of that set of objects.

Suppose you want the Dept_6_OPs HPDPS system operator group to

have read and write permission for all the objects in the spooler Spool6,

and the supervisors Super201, Super202, and Super203. Remember, you

have not yet created any of these servers. Accomplish this task by setting

IO and IC permissions in the security directory.