When the optional LSMS Command Class Management feature is enabled, LSMS supports configurable GUI permission groups in addition to the five non-configurable GUI permission groups (lsmsadm, lsmsuser, lsmsview, lsmsall, and lsmsuext).
The LSMS supports the creation of 128 additional, configurable GUI permission groups that can be used to ensure a specific and secure environment. After creating the new, configurable GUI permission groups, the system administrator can assign users to the appropriate group.
The configurable GUI permission groups control access to GUI commands.
A method to control access to a fixed set of commands is provided. Existing commands, executables, and scripts are classified as follows:
This command may be assigned individually, similar to GUI commands, to one or more permission groups.
These commands are root-only and are not assignable to any permission group.
These commands include those used by the LSMS application, those used to control processes, and those for setup and configuration. Commands in this category are grouped as a single set of administration commands. Users may or may not be granted access to this command-line group, in addition to being assigned to the appropriate GUI group.
Some commands in this group, although owned by lsmsadm, are accessible to non-owners for limited operation, such as status. The incorporation of this feature will not have any impact on the current privileges of commands for non-owners.
Example:
To set up a custom environment, system administrators should define the GUI permission groups and populate those groups with the appropriate commands:
GUI Permission Group | Command Privileges |
---|---|
Custom GUICONFIG | All Configuration Commands |
Custom GUIEMS | All EMS-related Commands |
Custom GUISUPER | All GUI Commands |
Optionally, assign users (for example, Mike, Sally, and Bill) to a specific command-line permission group (in this example, lsmsadm) or GUI permission group.
|
After activating this feature, you can create permission groups and assign users to these new groups.
The LSMS supports the ability to uniquely name each configurable GUI permission group.
A group name can consist of a minimum of one character to a maximum of 40 characters (only alphanumeric characters are permitted).
The LSMS enables you to perform the following tasks: