S163

Can user access control be enforced using EnterpriseSCHEDULE to define individual user Access? For example, for a given job or directory of jobs, can the production scheduling staff have all access while operations staff be restricted to monitor, start and stop process only, and no modify or creation ability? 

Yes, the EnterpriseSCHEDULE server(s) has a complete security model of object control and user access. All objects including directories, jobs, and variables have an Access Control Object privilege set that is a union of an Access Control List and the native access facility that is found on UNIX, WNT, and OpenVMS. A user has a user ID that has a privilege set that defines the access level.

As an example: You may chose a UNIX model whereby a job has an owner,group,world definition (same as chmod entails) and you may also include several Access Control Lists to the Job. This job resides in a directory that also has a set of Access Controls. Then a user, defined by his user ID, has an access that is defined by a union of his (a) OS access, (b) membership of groups, (c) membership of Access Lists, and (d) Administrator controlled user privilege mappings. In short, the Schedule server compares the objects defined access and compares the user's privilege for the user's requested operation. Complete security control is provided.