Advanced printer configuration

Restricting user access to forms

You can limit the availability of certain forms to selected users. For example, you may want to limit access to checks to the people in the payroll department or accounts payable department.

The print service restricts the availability of a form by using the lists (provided by you) of users allowed or denied access to that form. If a user is not allowed to use a particular form, the print service will reject the request to print a file with it.

The method used to allow or deny users access to a form is similar to the method used to allow or deny users access to the cron(1M) and at(1) facilities. Refer to crontab(1) for more information.

If users on your system can access forms on a remote printer, all users included on the allow list for the local system must be included on the allow list for the remote system as well.

If, on the other hand, a local user is to be denied permission to use forms on a remote printer, it is not necessary for the deny lists in both the local and remote Print Services to include that user. By being included in only one of these deny lists, a user can be denied access to remote forms. As a courtesy to your users, however, make sure that any local users who are included in a deny list on a remote system are included in the corresponding deny list on your local system. This ensures that whenever a user on your system requests a form without authorization, the user is immediately informed that permission to use the form is being denied. If the local Print Service does not ``know'' that a user is denied permission to use a particular remote form, there will be a delay before the user receives a permission denied message from the remote system.

Defining the forms access list

To add names to the allow list and remove them from the deny list:

lpforms -f form-name -u allow:user-list

To add names to the deny list and remove them from the allow list:

lpforms -f form-name -u deny:user-list

The user-list is a comma- or space-separated list of names of users. If you use spaces to separate the names, enclose the entire list (including the allow: or deny: but not the -u) in quotes. Each item in the list can include a system name, as shown under ``Controlling access to printers''.

Specifying allow:all will allow all users; specifying deny:all will deny all users.

If you do not add user names to the allow or deny lists, the print service will assume that all users may use the form.

Next topic: Mounting a form
Previous topic: Removing a form

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004