|
HP OpenVMS Systemsask the wizard |
|
The Question is: Do operators need the CMKRNL privilege to submit batch jobs to run under another account? If not, what are the minimum privileges needed? Thanks. The Answer is : The OpenVMS Wizard generally discourages running jobs under the usernames of others, as this plays havoc with user accountability. If the SUBMIT/USER command is required, then yes, CMKRNL privilege is required for its execution. In practice, no user privileges are required -- assuming that supporting procedures and tools have been configured appropriately. That tools that allow the users to perform operations have been created -- either DCL-based using various techniques -- or that installed images have been created, and particularly that enforce some security while also providing auditing or accountability, and (usually through image installation) access to the CMKRNL privilege needed when specifying a username with the $sndjbc[w] system service. Existing topics -- including (5639), (5409), (2524), (798) and (159) -- will be of some interest. The OpenVMS Security Manual and the Writing Real Programs in DCL Book will be of interest.
|