Access Controls
The access controls for individual users must set lower limits than those of the projects
of which they are a member. That is to say, they must have a lower priority, smaller
number of CPUs, smaller memory limit and so on than the access control record for the
project. Where a memory limit exists for a user or project, it takes precedence over any
default limit set on the partition (see Section 10.2.16).
When the system is installed, there are no access control records. If there is no default
access control record in the database when a Partition Manager starts, it creates one
using information from the partition. The memory limit is set to that of the partition,
the priority is 0 and the CPU usage limit is equal to the number of CPUs in the partition.
If the partition has no memory limit then all jobs run with memory limits disabled until
access control records are created.
6.3.1 Access Controls Example
To illustrate how the RMS access controls mechanism works, we consider an example in
which a system is primarily intended for use by Jim, Mary and John, members of the
project called design. When they are not using the system, anyone else can submit small
jobs.
First, create a project record for design:
rcontrol create project = design description = "System Design Team"
name id description
design 1 System Design Team
Now create user records for Jim, Mary and John:
rcontrol create user = jim project = design
rcontrol create user = mary project = design
rcontrol create user = john project = design
name projects
jim design
mary design
john design
Now create access controls for the design project and for the default project (all other
users):
rcontrol create access_control = design class = project partition = \
Access Control, Usage Limits and Accounting 6-3