Users logged into multiple groups [continue keyword]
This is an example of a security file where the continue keyword is used. This kind of security file allows a user to inherit authorization from multiple stanzas. The user gets the accesses for the first matching entry of each stanza that matches the user definition.
user misusers cpu@ group=mis
###########################################################
# User misusers USER DEFINITION APPLIES TO USERS LOGGED IN TO
# THE MIS GROUP ON ANY WORKSTATION.
#
# User dbusers USER DEFINITION APPLIES TO USERS LOGGED IN TO
# THE DB GROUP ON ANY WORKSTATION.
#
# User default USER DEFINITION APPLIES TO ALL USERS.
#
user misusers cpu=@ group=mis
begin
# OBJECT ATTRIBUTES ACCESS CAPABILITIES
# ---------- ------------ ----------------------
job cpu=@ + name=mis@
access=@
schedule name=mis@ access=@
parameter name=mis@ access=@
continue
user dbusers cpu=@ group=db
begin
# OBJECT ATTRIBUTES ACCESS CAPABILITIES
# ---------- ------------ ----------------------
job cpu=@ + name=db_@
access=@
schedule name=db_@ access=@
parameter name=db_@ access=@
continue
user default cpu=@ + logon=@
begin
# OBJECT ATTRIBUTES ACCESS CAPABILITIES
# ---------- ------------ ----------------------
parameter name=@ access=display
end
###########################################################
Users that belong only to the mis group get access to all objects that have a name starting with the mis prefix, as specified in the user misusers user definition. In addition, the user default user definition gives them display access to all parameters.
Users that belong only to the db group get access to all objects that have a name starting with the db_ prefix, as specified in the user dbusers user definition. In addition, the user default user definition gives them display access to all parameters.
Users that belong to both the mis and the db groups get access to the objects that have a name starting with the mis prefix and to the objects that have a name starting with the db_ prefix, as specified in the user misusers and in the user dbusers user definitions. In addition, the user default user definition gives them display access to all parameters.
You must order definitions from most specific to least specific. The user default user definition gives generic accesses, and must be therefore specified at the end of the file.