You can limit the availability of certain forms to selected users. For example, you may want to limit access to checks to the people in the payroll department or accounts payable department.
The print service restricts the availability of a form by using the lists (provided by you) of users allowed or denied access to that form. If a user is not allowed to use a particular form, the print service will reject the request to print a file with it.
The method used to allow or deny users access to a form is similar to the method used to allow or deny users access to the cron(1M) and at(1) facilities. Refer to crontab(1) for more information.
If users on your system can access forms on a remote printer, all users included on the allow list for the local system must be included on the allow list for the remote system as well.
If, on the other hand, a local user is to be denied
permission to use forms on a remote printer,
it is not necessary for the deny lists in both
the local and remote Print Services to include that user.
By being included in only one of these deny lists,
a user can be denied access to remote forms.
As a courtesy to your users, however,
make sure that any local users
who are included in a deny list on a remote system
are included in the corresponding deny list
on your local system.
This ensures that
whenever a user on your system
requests a form without authorization,
the user is immediately informed
that permission to use the form is being denied.
If the local Print Service does not ``know''
that a user is denied permission to use a particular
remote form, there will be a delay
before the user receives a
permission denied message
from the remote system.
To add names to the allow list and remove them from the deny list:
lpforms -f form-name -u allow:user-list
To add names to the deny list and remove them from the allow list:
lpforms -f form-name -u deny:user-list
The user-list is a comma- or space-separated list of names of users. If you use spaces to separate the names, enclose the entire list (including the allow: or deny: but not the -u) in quotes. Each item in the list can include a system name, as shown under ``Controlling access to printers''.
Specifying allow:all will allow all users; specifying deny:all will deny all users.
If you do not add user names to the allow or deny lists, the print service will assume that all users may use the form.