This article describes the lradmin and lrsubmitter roles and privileges for securing the long-running scheduler.
You can secure the long-running scheduler application by enabling global security. This application uses a combination of both declarative and instance-based security approaches to secure jobs and commands, where only users who are assigned with the lradmin or lrsubmitter role have the authority to perform grid operations in a security-enabled environment.
As illustrated in the following table, users who are assigned with the lradmin role have the authority to perform all long-running scheduler application actions on all jobs regardless of job ownership, while users who are assigned with the lrsubmitter role can only act on jobs that are owned by the submitters themselves. The X character represents authority in the table below.
Client commands | lradmin role | lrsubmitter role |
---|---|---|
submitRecurringRequest -xJCL=<file> | X | X For Version 6.0.x only. Not a privilege in Version 6.1. |
submitRecurringRequest -job=<jobname> | X | XFor Version 6.0.x only. Not a privilege in Version 6.1. |
cancelRecurringRequest -request=<requestid > | X | X (only request owned) For Version 6.0.x only. Not a privilege in Version 6.1. |
modifyRecurringRequest -request=<requestid> | X | X (only request owned) For Version 6.0.x only. Not a privilege in Version 6.1. |
getRecurringRequestDetails -request=<requestid> | X | X (only request owned) For Version 6.0.x only. Not a privilege in Version 6.1. |
showRecurringJobs -request=<requestid> | X | X (only request owned) For Version 6.0.x only. Not a privilege in Version 6.1. |
showAllRecurringRequests | X | X For Version 6.0.x only. Not a privilege in Version 6.1. |
submit -xJCL=<file> | X | X |
submit -job=<job name> | X | X |
submit -job=<job name> -add or replace | X | N/A This is an admin command. |
forcedCancel -jobid=<jobid> | X | X (only jobs owned) |
cancel -jobid=<jobid> | X | X (only jobs owned) |
purge -jobid=<jobid> | X | X (only jobs owned) |
output -jobid=<jobid> | X | X (only jobs owned) |
restart -jobid=<jobid> | X | X (only jobs owned) |
remove -job=<jobname> | X | N/A This is an admin command. |
suspend -jobid=<jobid> | X | X (only jobs owned) |
resume -jobid=<jobid> | X | X (only jobs owned) |
save -xJCL=<file> -job=<jobname> | X | N/A This is an admin command. |
show -job=<jobname> | X | X |
status (showAll) | X | N/A This is an admin command. |
status -jobid=<jobid> | X | X (only jobs owned) |
getBatchJobRC -jobid=<jobid> | X | X (only jobs owned) |
help | X | X |