IBM RELEASE 7.3 Computer Drive User Manual


 
% /opt/hpss/bin/hpssuser -add john -ssm
[ adding ssm user ]
1) admin
2) operator
Choose SSM security level
(type a number or RETURN to cancel):
> 1
[ ssm user added : admin ]
After SSM users are added, removed, or modified, the System Manager will automatically discover the
change when the user attempts to login. See the hpssuser man page for details.
Removing an SSM user or modifying an SSM user's security level won't take effect until that user
attempts to start a new session. This means that if an SSM user is removed, any existing SSM
sessions for that user will continue to work; access won't be denied until the SSM user attempts
to start a new SSM session. Likewise, if the SSM user's security level is changed, any existing
sessions for that user will continue to work at the old security level; the new security level access
won't be recognized until the SSM user starts a new SSM session).
3.3.2.2. SSM User Authorization
SSM user authorization is set properly by the hpssuser utility with no further modification required. This
section explains how the authorization levels are stored internally and how they may be viewed for
debugging or modified.
The SSM admin and operator security authorization levels are defined in the AUTHZACL table in the
HPSS DB2 database. Each SSM user must have an entry in this table. The permissions supported in the
table are:
r – read
w write
x – execute
c control
i – insert
d delete
t – test
SSM administrators must be granted all permissions: rwxcidt. SSM operators must be granted
r—c—t permissions. All other permission combinations are not recognized by the SSM server and will
be treated as no permissions at all.
The AUTHZACL table may be viewed or updated with the hpss_server_acl utility. The hpssuser
utility program creates and deletes SSM user entries in the AUTHZACL table using the hpss_server_acl
utility. Normally, there is no need to invoke the hpss_server_acl utility directly because it is invoked by
the hpssuser utility. However, it is a useful tool for examining and modifying the authorization table.
HPSS Management Guide November 2009
Release 7.3 (Revision 1.0) 36