The Access Control List section [acls] assigns one or more access "types" to individual users or groups in a comma-separated list.
Syntax
[acls]
<user_name> | <group_name> = <access type list>
Keyword and Parameter Descriptions

Keyword: <user_name> | <group_name>
Description: Individual user_name/user-id or group_name

Keyword: <access type list>
Description: A comma-separated list of one or more of the following access or authorization types, listed in ascending order of authority:
- none - Explicitly assigns no authorization. When present in a list, all other elements of the list are ignored.
- query - Allows querying the daemon about the state of the daemon and its agents. That includes the SQDmon utility Inventory and Display commands.
- read - Allows reading data from an agent. An engine must have this authorization to be able to fetch CDC data from a publisher.
- write - Not presently used.
- exec - Allows starting or stopping an agent. This type is both agent type and platform specific. Engine and Program (which includes scripts supported on the platform) types may be started and stopped only on platforms other than z/OS.
- admin - Allows all rights. This level of access is required to reload a modified daemon configuration.
- sysadm - A special right that allows shutting down the daemon itself. By default only the user used to run the daemon has that ability, unless that user has been given sysadm access/authorization explicitly or via a group in the acl.cfg file.
Note:
- When a type of access or authorization is assigned to a group_name, the list will propagate to all users in the group.
- Access types are cumulative; therefore it is only necessary to list the maximum access or authorization allowed for an individual user or group.
- The user_name/user_id that starts the daemon is implicitly granted sysadm access, whether or not it is explicitly assigned to a group or individually assigned another specific access right or authorization.
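
The rules above (ascending order of authority, cumulative levels, none overriding the rest of a list) written out as an audit helper. This is an added example, not SQData code. It assumes one `name = list` entry per line under `[acls]` and treats an empty list as none; the entry names in SAMPLE are constructed.

```python
# Added example (not SQData code). Entry names in SAMPLE are constructed.
LEVELS = ["none", "query", "read", "write", "exec", "admin", "sysadm"]  # ascending

SAMPLE = """\
[acls]
engine_svc = read
ops_group = query, exec
auditor = none, admin
dba_group = admin
root_ops = sysadm
"""

def parse_acls(text):
    """Return {name: [access types]} for entries inside the [acls] section."""
    acls, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line == "[acls]"
        elif in_section and "=" in line:
            name, _, types = line.partition("=")
            acls[name.strip()] = [t.strip() for t in types.split(",") if t.strip()]
    return acls

def effective(types):
    """Highest level a list grants; 'none' anywhere overrides the rest."""
    unknown = [t for t in types if t not in LEVELS]
    if unknown:
        raise ValueError(f"unknown access type(s): {unknown}")
    if not types or "none" in types:  # empty list treated as none (assumption)
        return "none"
    return max(types, key=LEVELS.index)

def allows(types, needed):
    """Cumulative check: a level implies every level below it."""
    return LEVELS.index(effective(types)) >= LEVELS.index(needed)

def audit(text):
    """Flag ignored or redundant list elements and high-privilege holders."""
    findings = []
    for name, types in parse_acls(text).items():
        level = effective(types)
        if "none" in types and len(types) > 1:
            findings.append((name, "none overrides other listed types"))
        elif len(types) > 1:
            findings.append((name, f"redundant list; '{level}' alone is equivalent"))
        if level in ("admin", "sysadm"):
            findings.append((name, f"holds {level}"))
    return findings
```

Calling `audit(SAMPLE)` returns one tuple per finding, which makes it easy to diff the admin and sysadm holders between two revisions of acl.cfg.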