WebSphere Extended Deployment Compute Grid, Version 6.1.1
             Operating Systems: AIX, HP-UX, Linux, Solaris, Windows, z/OS


Roles and privileges for securing the job scheduler

This article describes the lradmin and lrsubmitter roles and privileges for securing the job scheduler.

Authority for different roles

You can secure the job scheduler application by enabling global security. This application uses a combination of both declarative and instance-based security approaches to secure jobs and commands, where only users who are assigned with the lradmin or lrsubmitter role have the authority to perform grid operations in a security-enabled environment.

As illustrated in the following table, users who are assigned with the lradmin role have the authority to perform all job scheduler application actions on all jobs regardless of job ownership, while users who are assigned with the lrsubmitter role can only act on jobs that are owned by the submitters themselves. The X character represents authority in the table below.

Table 1. Authoritative roles
Client commands lradmin role lrsubmitter role
submitRecurringRequest -xJCL=<file> X X For Version 6.0.x only. Not a privilege in Version 6.1.
submitRecurringRequest -job=<jobname> X XFor Version 6.0.x only. Not a privilege in Version 6.1.
cancelRecurringRequest -request=<requestid > X X (only request owned) For Version 6.0.x only. Not a privilege in Version 6.1.
modifyRecurringRequest -request=<requestid> X X (only request owned) For Version 6.0.x only. Not a privilege in Version 6.1.
getRecurringRequestDetails -request=<requestid> X X (only request owned) For Version 6.0.x only. Not a privilege in Version 6.1.
showRecurringJobs -request=<requestid> X X (only request owned) For Version 6.0.x only. Not a privilege in Version 6.1.
showAllRecurringRequests X X For Version 6.0.x only. Not a privilege in Version 6.1.
submit -xJCL=<file> X X
submit -job=<job name> X X
submit -job=<job name> -add or replace X N/A This is an admin command.
forcedCancel -jobid=<jobid> X X (only jobs owned)
cancel -jobid=<jobid> X X (only jobs owned)
purge -jobid=<jobid> X X (only jobs owned)
output -jobid=<jobid> X X (only jobs owned)
restart -jobid=<jobid> X X (only jobs owned)
remove -job=<jobname> X N/A This is an admin command.
suspend -jobid=<jobid> X X (only jobs owned)
resume -jobid=<jobid> X X (only jobs owned)
save -xJCL=<file> -job=<jobname> X N/A This is an admin command.
show -job=<jobname> X X
status (showAll) X N/A This is an admin command.
status -jobid=<jobid> X X (only jobs owned)
getBatchJobRC -jobid=<jobid> X X (only jobs owned)
help X X



Related tasks
Securing the job scheduler
Running jobs under user credentials
Using the forced cancel command on z/OS
Concept topic    

Terms of Use | Feedback

Last updated: Oct 30, 2009 1:38:02 PM EDT
http://publib.boulder.ibm.com/infocenter/wxdinfo/v6r1m1/index.jsp?topic=/com.ibm.websphere.gridmgr.doc/info/scheduler/cbgroles.html