All domain1.com windows users logged in on any workstation
user cpu=@ + logon =@\@domain1.com
###########################################################
# APPLIES TO ALL OTHER USERS IN THE 'domain1.com' INTERNET DOMAIN LOGGED IN ON ANY
# WORKSTATION.
user default cpu=@ + logon=@\@domain1.com
begin
# OBJECT ATTRIBUTES ACCESS CAPABILITIES
# ---------- ------------ ----------------------
job cpu=@ + logon =a@\@domain1.com + folder = /
+ cpufolder = / access=display
job cpu=@ + folder = /
+ cpufolder = / access=@
schedule + folder = / + cpufolder = / access=@
resource + folder = / + cpufolder = / access=@
prompt + folder = / access=@
file access=@
calendar + folder = / access=@
cpu cpu=@ + folder = / access=@
parameter name=@ ~ name=r@ + folder = / + cpufolder = / access=@
userobj cpu=@ + logon=@ + cpufolder = / access=@
eventrule name=@ + folder = / access=add,delete,display,modify,list,unlock
action provider=@ access=display,submit,use,list
event provider=@ access=use
report name=@ access=display
runcygrp name=@ + folder = / access=add,delete,display,modify,use,list,unlock
vartable name=g@,$default + folder = / access=add,delete,display,modify,use,list,unlock
wkldappl name=@ + folder = / access=add,delete,display,modify,list,unlock
lob name=@ access=use
folder name=/ access=@
end
###########################################################Windows Users in domain1.com whose name begins with 'a' can display only jobs and can manage parameters which name does not begin with r. All other domain1.com Windows users that are logged in on any workstation are given access to all objects defined in the root (/) folder, and to parameters that have names beginning with r. They are the only ones who can generate all kinds of plans and who can create, update, and delete event rule definitions. All users have access to all variable tables beginning with "g" and to the default table, irrespective of the default variable table name.