HP OpenVMS Systems

ask the wizard
Content starts here

Security, Accountability and SUBMIT/USERNAME?

» close window

The Question is:

Do operators need the CMKRNL privilege to submit batch jobs to run under
 another account?  If not, what are the minimum privileges needed?  Thanks.

The Answer is :

  The OpenVMS Wizard generally discourages running jobs under the
  usernames of others, as this plays havoc with user accountability.
  If the SUBMIT/USER command is required, then yes, CMKRNL privilege
  is required for its execution.
  In practice, no user privileges are required -- assuming that
  supporting procedures and tools have been configured appropriately.
  That tools that allow the users to perform operations have been
  created -- either DCL-based using various techniques -- or that
  installed images have been created, and particularly that enforce
  some security while also providing auditing or accountability, and
  (usually through image installation) access to the CMKRNL privilege
  needed when specifying a username with the $sndjbc[w] system service.
  Existing topics -- including (5639), (5409), (2524), (798) and
  (159) -- will be of some interest.
  The OpenVMS Security Manual and the Writing Real Programs in DCL
  Book will be of interest.

answer written or last revised on ( 18-JUN-2004 )

» close window