Tuesday, May 26, 2015

"conman" commands & syntax


conman commands are user to manage objects in PLAN (composer commands are used to manage objects in DATABASE)

Below are some very useful conman commands syntaxes grouped is several categories:

1. Jobs & Job Streams:

# display the stdlist (job log) of a specific job with jobid=job_number 
conman sj "@#$job_number;stdlist;single"
# add job steam scheduled time / date in the search query 
conman "sj @#@ (0000).@" ; conman "ss @#@ (2204 05/25)"
# count EXEC jobs, `echo "Yes"` before the command if conman parameters aren't set up 
conman "sj @#@+state=EXEC;short" | grep "EXEC +" | wc -l
# change job stream priority to 0 
conman "ap @#JS1;0;noask"
# change job stream limit to 0 
conman "ls @#JS1;0;noask"
# displays prompt messages 
conman recall
# displays information about files 
conman showfiles
# update windows user "username" password in the current plan 
conman altpass username
# display job details from plan 
conman "dj @#@"
# display job stream syntax from plan 
conman "ds @#@"
# display user launching the job 
conman "sj @#@;logon"
# display script / command used by job 
conman "sj @#@;info"
# display info using unique id for JS 
conman "sj @#@;keys;extended" | uniq

2. FTA Agents:

# change limit to 100 
conman "lc @;100"
# change fence to 0, no ask 
conman "fence @;0;noask"
# additional details about workstations (including netman port) 
conman "sc;link"
# display agent version / fixpack and OS details 
conman "sc @;info"
# to start monman, for event rules 
conman startmon

3. Symphony:

# to check the agent health status (including symphony corruption) 
conman "chs XYZ"
# to reset symphony of a corrupted agent 
conman "resetfta XYZ"

4. Event rules:

# to list active event rules 
conman "sc;getmon"
# to deploy the event rules 
conman "deploy"

Control Characters:
You can enter the following control characters to interrupt conman.
Control+c   Conman stops executing the current command at the next step that can be interrupted, and returns a command prompt.
Control+d   Conman quits after executing the current command.

Wildcards:
@ Replaces one or more alphanumeric characters.
?   Replaces one alphabetic character.
% Replaces one numeric character.

Delimiters and special characters:
&amp Command delimiter.
+   A delimiter used to select objects for commands. It adds an attribute the object must have. For example: sked1.@+priority=0
~   A delimiter used to select objects for commands. It adds an attribute the object must not have. For example: sked1.@~priority=0
;    Argument delimiter. For example: ;info;offline
,    Repetition and range delimiter. For example: state=hold,sked,pend
=   Value delimiter. For example: state=hold
: !  Command prefixes that pass the command on to the system. These prefixes are optional; if Conman does not recognize the command, it is passed automatically to the system. For example: !ls or :ls
<<>> Comment brackets. For example: sj @#@.@ <>
*** Comment prefix. The prefix must be the first character on a command line or following a command delimiter. For example: *comment or sj & *comment**
>  Redirects command output to a file and overwrites the contents of the file. If the file does not exist, it is created. For example: sj > joblist
>> Redirects command output to a file and appends the output to the end of file. If the file does not exist, it is created. For example: sj >> joblist
|   Pipes command output to a system command or process. The system command is run whether or not output is generated. For example:  sj| grep ABEND
||  Pipes command output to a system command or process. The system command is not run if there is no output. For example: sj || grep ABEND



!!!! Note: I only described a fraction of conman commands available, to see all of them used THIS link.




Posted by at 1 comment:

Tuesday, May 5, 2015

"MAKEPLAN" & "UPDATESTATS" increase runtime


Why the runtime for jobs MAKEPLAN & UPDATESTATS from FINAL job stream it is increasing steadily day by day?

The main reason is that there are "left overs" in the plan or preproduction plan

1. Clean the old jobs / job streams from the plan. My recommendation is to set-up an automatically clean-up job that is canceling the +N weeks older job streams (in my experience I've discovered that we can safely cancel the +2 weeks old job streams).
conman "ss @#@"  # check the SchedTime
2. Clean the "junk data" data from preproduction plan.
Do i have "junk data" in pre-production plan? In order to check run:
planman showinfo
And check the below line time stamp against you oldest job stream from the plan, if it is older a manual DB "junk data" clean-up must be performed.
Start time of first not complete preproduction plan job stream instance: 04/20/2015 00:04 TZ America/Los_Angeles
Connect to the TWS database check and delete the following:
a) All records from JSI_JOB_STREAM_INSTANCES older than the oldest job stream from the plan (usually the number of records should be low).

select * from JSI_JOB_STREAM_INSTANCES order by JSI_SCHEDULED_DATE;

    JSI_ID JSI_SYM_ID       JSI_FIRST_RUN_NUMBER JSI_LAST_RUN_NUMBER JSI_SCHEDULED_DATE JSI_START_TIME                  JSI_STATUS JST_ID                           RCY_ID                           WKC_ID                           VAT_ID                           PLAN_ID                       
---------- ---------------- -------------------- ------------------- ------------------ ------------------------------- ---------- -------------------------------- -------------------------------- -------------------------------- -------------------------------- --------------------------------
  10742074 0AAAAAAAAAAKH2J2                  863                 863 06-APR-15          05-APR-15 04.04.00.000000000 PM C          5A9D352A24D53AE78074D760D7CCB44B                                  DF397BE179E632FAA7892A3BBF01B179                                                                  
  10507507 0AAAAAAAAAAKAVHT                  848                 849 19-APR-15          20-APR-15 07.03.00.000000000 AM C          530A93D37FCA394E8144EA089708ECA6 33FCBC96CB62363AA4A1BC87D74EF655 38C431C7F7563087B4DF692EF152AB5A                                                                  
  10435375 0AAAAAAAAAAJ6OZP                  848                 848 19-APR-15          19-APR-15 11.00.00.000000000 PM C          6506E033D41F37219ABA3E6D4D2E46E0 01C08911A19E377CA1D75AE5A4FB81C1 DF397BE179E632FAA7892A3BBF01B179                                                                  
  10496296 0AAAAAAAAAAKAKJI                  848                 848 19-APR-15          20-APR-15 01.30.00.000000000 AM C          B7390188014E32A6BCADBE87A68B93F9 4E0BBC5B7DD432ACBA7F15AE621EA5C6 9B18F62CEE2532919612989A031EF052                                                                  
  10496303 0AAAAAAAAAAKAKJP                  848                 848 19-APR-15          20-APR-15 01.30.00.000000000 AM C          B5F7FDF861D133F0B75E6940CF97A39F B5C442B6CD653F4790ADCF25AE3F54C0 9B18F62CEE2532919612989A031EF052                                                                  
  10496310 0AAAAAAAAAAKAKJW                  848                 848 19-APR-15          20-APR-15 01.30.00.000000000 AM C          7A68C1570A9D3364845CB3F6D6A7DC0F 75C767CDAD0E33D4ACCD11076A7854D4 9B18F62CEE2532919612989A031EF052                                                                  
  10496317 0AAAAAAAAAAKAKJ5                  848                 849 19-APR-15          20-APR-15 01.30.00.000000000 AM C          190E13C8D2F633F88E53A7AC78FA2ACD 816CED621ADD3B02B4C71D30B21E6D5B 9B18F62CEE2532919612989A031EF052                                                                  


delete from JSI_JOB_STREAM_INSTANCES where JSI_SYM_ID = '0AAAAAAAAAAKH2J2';
commit;
b) All invalid entries from preproduction plan:
select count(*) from JSI_JOB_STREAM_INSTANCES where PLAN_ID is not null;

COUNT(*)
----------
      123 

delete from JSI_JOB_STREAM_INSTANCES where PLAN_ID is not null;
commit;

On the next run "MAKEPLAN" & "UPDATESTATS" will decrease, in some cases the new runtime could be ~60-80% less.
Posted by at No comments:

Monday, May 4, 2015

Security File - functionality, details & examples

In TWS all users rights are granted / revoked using the "Security" file.

To modify the Security file, perform the following steps:

1. Run dumpsec command to decrypt the current security file into an editable configuration file. 
dumpsec              # To display the operational Security file to stdout
dumpsec > sectemp    # To dump the operational Security file to a file name sectemp
2. Modify the user definitions with a text editor
edit sectemp
3. Close any open conman user interfaces using the exit command.
4. Stop any connectors on systems running Windows operating systems.
5. Run the makesec command to encrypt the security file and apply the modifications.
makesec sectem
6. If you are using local security, the file will be immediately available on the workstation where it has been updated.
    If you are using centralized security you must now do the following:
       a. If you are using a backup master domain manager, copy the file to it
       b. Distribute the centralized file manually to all fault-tolerant agents in the network (not standard, extended, or broker agents), and store it in the TWA_home/TWS directory
       c. Run JnextPlan to distribute the Symphony file that corresponds to the new Security file

Below is a detailed list for all the options in the Security file and several generic examples:

Workstation definition and management:
CPU            CPU =   $THISCPU, # The workstation where you ran conman/composer
                       $MASTER,  # The master domain manager
                       $SLAVES,  # Any fault tolerant agent
                       serverA  # or TWS workstation "serverA"

               TYPE=   AGENT,     # Only "dynamic" agent
                       BROKER,    # BROKER workstations (that run JSDL from the Broker library)
                       FTA,       # Fault tolerant agents
                       D-POOL,    # Dynamic pool
                       MANAGER,   # Domain managers, including the master
                       POOL,      # Workstations type POOL
                       REM-ENG,   # Remote engine workstation
                       S-AGENT,   # Standard agents
                       X-AGENT    # Extended agents

               ACCESS= ADD,       # composer add
                       CONSOLE,   # conman cons
                       DELETE,    # composer delete
                       DISPLAY,   # composer display
                       FENCE,     # conman fence
                       LIMIT,     # conman limit
                       LINK,      # conman link
                       MODIFY,    # composer mod
                       RESETFTA,  # conman resetfta
                       RUN,       # composer maknew (jobs using JavaExt)
                       SHUTDOWN,  # conman shut
                       START,     # conman start
                       STOP,      # conman stop
                       UNLINK,    # conman unlink
                       LIST,      # conman showcpu/composer list
                       UNLOCK     # composer unlock
Job definition and management:
JOB            CPU =   $THISCPU, # The same workstation where the user logs on
                       $MASTER,  # The master workstation
                       $SLAVES,  # Any fault tolerant agent
                       $REMOTES  # Any standard agent
                       server@     # Any workstation whose name starts with "server"
                     
             + NAME =  J@   # Any job with the name starting in J
             ~ NAME =  J_@  # But not if it starts with J_
             + JCLTYPE = SCRIPTNAME # Allow only SCRIPTNAME type of job definition
             + JCLTYPE = DOCOMMAND  # Allow only DOCOMMAND type of job definition
             + LOGON=  $USER,     # Streamlogon is the conman/composer user
                       $OWNER,    # Streamlogon is the job creator
                       $JCLOWNER, # Streamlogon is the OS owner of the file
                       $JCLGROUP  # Streamlogon is the OS group of the file
             ~ LOGON=  root, twsuser  # The job does not logon as "root" or "twsuser"
             + JCL =   "/usr/local/bin/@"  # The script is in /usr/local/bin
             ~ JCL =  "@rm@" # But not any command containing "rm"
   
               ACCESS= ADD,         # composer new/rename
                       ADDDEP,      # conman adj
                       ALTPRI,      # conman apj
                       CANCEL,      # conman cj
                       CONFIRM,     # conman confirm
                       DELDEP,      # conman ddj
                       DELETE,      # composer delete/rename
                       DISPLAY,     # conman, composer display/create/list/print
                       KILL,        # conman kill
                       MODIFY,      # composer mod
                       RELEASE,     # conman rj
                       REPLY,       # conman reply (local prompt, recovery)
                       RERUN,       # conman rerun
                       SUBMIT,      # conman sbd
                       SUBMITDB,    # conman sbj
                       USE,         # composer use in job stream
                       LIST,        # conman showjobs
                       UNLOCK       # composer unlock
Windows username/passwords:
USEROBJ        CPU =   $THISCPU, # On the same workstation where the user logs on
                       $MASTER,  # On the master workstation
                       $SLAVES,  # On any fault tolerant agent
                       $REMOTES  # On any standard agent
             + LOGON=  "Workgroup\Administrator","twsuser"  # Admin or twsuser
             ~ LOGON=  "MyDomain\@" # but not in Domain "mydomain"

               ACCESS= ADD,     # composer add
                       DELETE,  # composer delete
                       DISPLAY, # composer display
                       MODIFY,  # composer modify
                       ALTPASS, # conman altpass
                       UNLOCK   # composer unlock
Job streams:
SCHEDULE       CPU =   $THISCPU, # The same workstation where the user logs on
                       $MASTER,  # The master workstation
                       $SLAVES,  # Any fault tolerant agent
                       $REMOTES  # Any standard agent
             + NAME =  STR@    # Any job stream with the name starting with STR
             ~ NAME = @ZZ      # and not ending in "ZZ"

               ACCESS= ADD,     # composer add
                       ADDDEP,  # conman ads
                       ALTPRI,  # conman aps
                       CANCEL,  # conman cs
                       DELDEP,  # conman dds
                       DELETE,  # composer delete
                       DISPLAY, # composer dis
                       LIMIT,   # conman ls
                       MODIFY,  # composer mod
                       RELEASE, # conman rs
                       REPLY,   # conman reply (local prompt)
                       SUBMIT,  # conman sbs
                       LIST,    # conman ss
                       UNLOCK   # composer unlock
Business calendars:
CALENDAR     + NAME =  CAL@    # Any calendar with the name starting with CAL
             ~ NAME = @ZZ      # and not ending in "ZZ"
               ACCESS= ADD,      # composer add
                       DELETE,   # composer delete
                       DISPLAY,  # composer display
                       MODIFY,   # composer modify
                       USE,      # use in a job stream
                       UNLOCK    # composer unlock
Create event rules:
EVENTRULE    + NAME =  EVT@    # Any event rules with the name starting with EVT
             ~ NAME =  ADM@    # and not starts with "ADM"
               ACCESS= ADD,     # composer add
                       DELETE,   # composer delete
                       DISPLAY,  # composer display
                       MODIFY,   # composer modify
                       LIST,     # conman "sc;getmon"
                       UNLOCK    # composer unlock
Which of the TWS objects events can be used:
EVENT          PROVIDER=TWSObjectsMonitor
               TYPE=   JobStatusChanged,
                       JobUntil,
                       JobSubmit,
                       JobCancel,
                       JobRestart,
                       JobLate,
                       JobStreamStatusChanged,
                       JobStreamCompleted,
                       JobStreamUntil,
                       JobStreamSubmit,
                       JobStreamCancel,
                       JobStreamLate,
                       WorkstationStatusChanged,
                       ApplicationServerStatusChanged,
                       ChildWorkstationLinkChanged,
                       ParentWorkstationLinkChanged,
                       PromptStatusChanged

               ACCESS= USE # composer use an event in an event rule definition
Which of the file monitor events can be used
EVENT          PROVIDER=FileMonitor
               TYPE=   FileCreated,
                       FileDeleted,
                       ModificationCompleted,
                       LogMessageWritten
               ACCESS= USE    # composer use an event in an event rule definition
               CUSTOM= SAMPLE # Specify security attribute for custom-made event drivers
Event rule actions
ACTION         PROVIDER=TECEventForwarder     # Forward events to omnibus
               TYPE=   TECFWD
               ACCESS= DISPLAY,  # composer display
                       SUBMIT,   # conman deploy
                       USE,      # composer use
                       LIST,     # conman "sc;getmon"
               HOST=   omnibushost.ibm.com
               PORT=   SNMPlistenerport
ACTION         PROVIDER=MailSender            # Send e-mail
               TYPE=   SendMail
               ACCESS= DISPLAY,  # composer display
                       SUBMIT,   # conman deploy
                       USE,      # composer use
                       LIST,     # conman "sc;getmon"
ACTION         PROVIDER = MessageLogger       # Write to the operator log
               TYPE =  MSGLOG
               ACCESS= DISPLAY,  # composer display
                       SUBMIT,   # conman deploy
                       USE,      # composer use
                       LIST,     # conman "sc;getmon"
ACTION         PROVIDER = TWSAction           # Perform TWS actions
               TYPE =  GenericAction
               ACCESS= DISPLAY,  # composer display
                       SUBMIT,   # conman deploy
                       USE,      # composer use
                       LIST,     # conman "sc;getmon"
Report generation
REPORT         NAME=   RUNHIST,  # Job Run History
                       RUNSTATS, # Job Run Statistics
                       WWS,      # Workstation Workload Summary
                       WWR,      # Workstation Workload Runtimes
                       SQL,      # Custom SQL
                       ACTPROD,  # Actual production details (for current and archived plans)
                       PLAPROD   # Planned production details
               ACCESS= DISPLAY   # composer display
Special purpose TWS files
FILE           NAME =  GLOBALOPTS,  # optman (ls, show, chg)
                       PRODSKED,    # planman (current plan)
                       SECURITY,    # dumpsec, makesec
                       SYMPHONY,    # stageman
                       TRIALSKED    # planman (trial and forecast)

               ACCESS= BUILD,   # planman deploy, stageman
                       DELETE,  # delete objects from the database
                       DISPLAY, # optman (ls, show), dumpsec, planman showinfo
                       MODIFY   # optman chg, makesec, planman (crt, ext, reset, crttrial, exttrial, crtfc)
Prompts
PROMPT       + NAME =  A@           # Prompts with names starting with "A"
             ~ NAME =  Z@           # Prompts names not starting with "Z"

               ACCESS= ADD,       # composer add/rename
                       DELETE,    # composer delete/rename
                       DISPLAY,   # composer display/list/print/create, conman recall
                       MODIFY,    # composer modify
                       REPLY,     # conman reply
                       USE,       # use in your job stream
                       LIST,      # composer list/ conman showprompts
                       UNLOCK     # composer unlock
Resources
RESOURCE       CPU =   @,        # All workstations
                       $THISCPU, # The same workstation where the user logs on
                       $MASTER,  # The master workstation
                       $SLAVES,  # Any fault tolerant agent
                       $REMOTES  # Any standard agent
             + NAME =  @

               ACCESS= ADD,       # composer add
                       DELETE,    # composer delete
                       DISPLAY,   # composer display
                       MODIFY,    # composer modify
                       RESOURCE,  # conman res/release util.
                       USE,       # use in your job stream
                       LIST,      # composer list/ conman showprompts
                       UNLOCK     # composer unlock
Variables
PARAMETER      CPU =   @,        # All workstations
                       $THISCPU, # The same workstation where the user logs on
                       $MASTER,  # The master workstation
                       $SLAVES,  # Any fault tolerant agent
                       $REMOTES  # Any standard agent>
               NAME =  @

               ACCESS= ADD,      # composer add/rename or "parms -c"
                       DELETE,   # composer delete/rename
                       DISPLAY,  # composer display or "parms"
                       MODIFY,   # composer mod or "parms -c"
                       UNLOCK    # composer unlock
Run cycle groups
RUNCYGRP       NAME=   R@,       # Access to run cycle groups with name starting in "R"
               ACCESS= ADD,      # composer new/add
                       DELETE,   # composer delete
                       DISPLAY,  # composer display, extract
                       MODIFY,   # composer modify, lock
                       USE,      # use run cycle groups in job streams
                       LIST,     # composer list
                       UNLOCK    # composer unlock
Variable Tables
VARTABLE       NAME=   A@,       # Access to variable tables with name starting in "A"
                       $DEFAULT  # Access to the default variable table

               ACCESS= ADD,      # composer new/add
                       DELETE,   # composer delete
                       DISPLAY,  # composer display, extract
                       MODIFY,   # composer modify, lock
                       USE,      # use variable tables in run cycles, job streams, and workstations
                       LIST,     # composer list; also, list individual variable entries within the table
                       UNLOCK    # composer unlock

!!! Note: To allow users to create their own variable tables, but not touch the default table, use the following:
VARTABLE NAME=$DEFAULT ACCESS=DISPLAY,USE,LIST,UNLOCK
VARTABLE NAME=@        ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
A Special "Default" group for everybody not listed above will cause unlisted users to be accepted through console connections but will not have access to any objects once connected they are "trapped" by the system and logged)
USER DEFAULT
  CPU =        @
  +LOGON =     # Everybody not listed above
               @
BEGIN
  # No access privileges!
END

!!! Note: To include something use "+" to exclude use "~":
JOB     CPU=$SLAVES+NAME=ABC@   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK,SUBMITDB  # Full access to jobs on $SLAVES starting with name ABC@
JOB     CPU=APP_WK~NAME=@XYZ   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK,SUBMITDB   # No access to jobs on APP_WK ending in @XYZ
SCHEDULE        CPU=$MASTERS~NAME=FINAL   ACCESS=ADDDEP,ALTPRI,CANCEL,DELDEP,DISPLAY,RELEASE,SUBMIT,LIST                                                       # No access to job stream FINAL on $MASTERS

Examples (the below ones are generic and can / should be customized to match your needs):

Default installation security file for TWS admin user / group:
USER MAESTRO
        CPU=@+LOGON=twsuser
BEGIN
        USEROBJ CPU=@   ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,ALTPASS,LIST,UNLOCK
        JOB     CPU=@   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK,SUBMITDB,RUN
        SCHEDULE        CPU=@   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,RELEASE,REPLY,SUBMIT,LIST,UNLOCK
        RESOURCE        CPU=@   ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,USE,LIST,UNLOCK
        PROMPT          ACCESS=ADD,DELETE,DISPLAY,MODIFY,REPLY,USE,LIST,UNLOCK
        FILE    NAME=@  ACCESS=BUILD,DELETE,DISPLAY,MODIFY,UNLOCK
        CPU     CPU=@   ACCESS=ADD,CONSOLE,DELETE,DISPLAY,FENCE,LIMIT,LINK,MODIFY,SHUTDOWN,START,STOP,UNLINK,LIST,UNLOCK,RUN,RESETFTA
        PARAMETER       CPU=@   ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
        CALENDAR                ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
        REPORT  NAME=@  ACCESS=DISPLAY
        EVENTRULE       NAME=@  ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
        ACTION  PROVIDER=@      ACCESS=DISPLAY,SUBMIT,USE,LIST
        EVENT   PROVIDER=@      ACCESS=USE
        VARTABLE        NAME=@  ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
END

USER MAESTRO_GROUP
        CPU=@+GROUP=@TWSadmins
BEGIN
        USEROBJ CPU=@   ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,ALTPASS,LIST,UNLOCK
        JOB     CPU=@   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK,SUBMITDB,RUN
        SCHEDULE        CPU=@   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,RELEASE,REPLY,SUBMIT,LIST,UNLOCK
        RESOURCE        CPU=@   ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,USE,LIST,UNLOCK
        PROMPT          ACCESS=ADD,DELETE,DISPLAY,MODIFY,REPLY,USE,LIST,UNLOCK
        FILE    NAME=@  ACCESS=BUILD,DELETE,DISPLAY,MODIFY,UNLOCK
        CPU     CPU=@   ACCESS=ADD,CONSOLE,DELETE,DISPLAY,FENCE,LIMIT,LINK,MODIFY,SHUTDOWN,START,STOP,UNLINK,LIST,UNLOCK,RUN,RESETFTA
        PARAMETER       CPU=@   ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
        CALENDAR                ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
        REPORT  NAME=@  ACCESS=DISPLAY
        EVENTRULE       NAME=@  ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
        ACTION  PROVIDER=@      ACCESS=DISPLAY,SUBMIT,USE,LIST
        EVENT   PROVIDER=@      ACCESS=USE
        VARTABLE        NAME=@  ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
END
Scheduling and monitoring access rights for an application using TWS:
USER APP_admins
        CPU=@+GROUP=@APPadmins
BEGIN
        USEROBJ CPU=APP_WK   ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,ALTPASS,LIST,UNLOCK
        JOB     CPU=APP_WK   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK,SUBMITDB,RUN
        SCHEDULE        CPU=APP_WK   ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,RELEASE,REPLY,SUBMIT,LIST,UNLOCK
        RESOURCE        CPU=APP_WK   ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,USE,LIST,UNLOCK
        PROMPT  NAME=APP@        ACCESS=ADD,DELETE,DISPLAY,MODIFY,REPLY,USE,LIST,UNLOCK
        CPU     CPU=APP_WK   ACCESS=CONSOLE,DISPLAY,FENCE,LIMIT,LINK,MODIFY,LIST
        PARAMETER       CPU=APP_WK   ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
        CALENDAR  NAME=APP@   ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
        VARTABLE        NAME=APP@  ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
END
Specific application operators:
USER OPERATORS
        CPU=@+GROUP=@APPOperators
BEGIN
        USEROBJ CPU=APP_WK     ACCESS=ADD,DELETE,DISPLAY,MODIFY,ALTPASS,UNLOCK
        JOB     CPU=APP_WK     ACCESS=ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DISPLAY,KILL,RELEASE,RERUN,SUBMIT,LIST,SUBMITDB
        SCHEDULE        CPU=APP_WK     ACCESS=ADDDEP,ALTPRI,CANCEL,DELDEP,DISPLAY,LIMIT,RELEASE,REPLY,SUBMIT,LIST
        CPU     CPU=APP_WK     ACCESS=DISPLAY,FENCE,LIMIT,LINK,START,STOP,UNLINK,LIST
END
A generic monitoring access:
USER MONITORING
        CPU=@+LOGON=userA,userB
BEGIN
        JOB     CPU=$SLAVES  ACCESS=DISPLAY,RERUN,LIST
        SCHEDULE        CPU=$SLAVES  ACCESS=DISPLAY,LIST
        CPU     CPU=$SLAVES     ACCESS=DISPLAY,FENCE,LIMIT,LINK,START,STOP,UNLINK,LIST
END
Full read-only access:
USER READONLY
        CPU=@+LOGON=readuser
BEGIN
        USEROBJ CPU=@   ACCESS=DISPLAY
        JOB     CPU=@   ACCESS=DISPLAY
        SCHEDULE        CPU=@   ACCESS=DISPLAY
        RESOURCE        CPU=@   ACCESS=DISPLAY
        PROMPT          ACCESS=DISPLAY
        FILE    NAME=@  ACCESS=DISPLAY
        CPU     CPU=@   ACCESS=DISPLAY
        PARAMETER       CPU=@   ACCESS=DISPLAY
        CALENDAR                ACCESS=DISPLAY
        REPORT  NAME=@  ACCESS=DISPLAY
        EVENTRULE       NAME=@  ACCESS=DISPLAY
        ACTION  PROVIDER=@      ACCESS=DISPLAY
        VARTABLE        NAME=@  ACCESS=DISPLAY
END
Posted by at 5 comments:
Subscribe to: Posts (Atom)