 |
The Question is:
Do operators need the CMKRNL privilege to submit batch jobs to run under
another account? If not, what are the minimum privileges needed? Thanks.
The Answer is :
The OpenVMS Wizard generally discourages running jobs under the
usernames of others, as this plays havoc with user accountability.
If the SUBMIT/USER command is required, then yes, CMKRNL privilege
is required for its execution.
In practice, no user privileges are required -- assuming that
supporting procedures and tools have been configured appropriately.
That tools that allow the users to perform operations have been
created -- either DCL-based using various techniques -- or that
installed images have been created, and particularly that enforce
some security while also providing auditing or accountability, and
(usually through image installation) access to the CMKRNL privilege
needed when specifying a username with the $sndjbc[w] system service.
Existing topics -- including (5639), (5409), (2524), (798) and
(159) -- will be of some interest.
The OpenVMS Security Manual and the Writing Real Programs in DCL
Book will be of interest.
|
