HP Distributed Print Service Administration Guide
248 Chapter8
Managing DCE Security for HPDPS
Giving Your DCE Groups Permissions to HPDPS Objects
You can use this same method to set the permissions that anyHPDPS
object grants.
Taking Away All Permissions That a Group Has to an Individual
HPDPS Object
There might be times when you want to remove the permissions that a
group has to an HPDPS object. For example, you might decide to remove
the pd_operator group permissions from a server that you want to be
supported exclusively by a different group.
To remove the permissions that a group has to an HPDPS object, use the
following steps:
1. If you have not already done so, log in to DCE as the cell
administrator. For example, if the cell administrator login is
cell_admin, enter:
dce_login cell_admin
When prompted, enter the cell administrator password.
2. Use the acl_edit command to remove permissions for pd_operator.
• Use the -e flag because you are modifying an object ACL rather
than an IO or IC ACL.
• Use the pdsec soft link.
• Use the -d flag to delete an entry from the ACL. For example,
enter:
acl_edit -e /.:/pdsec/Spool1 -d group:pd_operator:
The pd_operator group no longer has any permissions to the spooler
Spool1. Use this same command, specifying the different objects
individually, to remove the pd_operator group permissions from the
ACLs of any objects contained in the spooler. For example, to remove a
group from the permissions granted by the logical printer LogPrt1,
which resides in Spool1, specify /.:/pdsec/Spool1/printer/LogPrt1
in your acl_edit command.
Taking Away All Permissions That any_other and
unauthenticated Have to an HPDPS Object
To remove the read permission granted by the restricted logical printer
LogPrt1Restrict to unauthenticated and any_other, use the
following steps: