If the depot does not
exist, swpackage verifies that the user has insert
permission on the target host.
swpackage verifies that the user has insert permission on a target depot.
swpackage verifies that the user has write permission on target product, if
it already exists.
Listing (swlist)
To list potential depots,
the source agent verifies that the controller user has read permission
on host.
To list potential products,
the source agent verifies that the controller user has read permission
on depot or root.
Job Browsing (sd, swjob)
To use the CLI (swjob)
or GUI (sd) to view information about jobs initiated from a local
host, the controller verifies that the user has read permission on
the host.
To use the command line
or GUI to retrieve a target log file, the target agent verifies that
the controller user has read access on the root or depot target.
Copying (swcopy)
Any list operations required
to facilitate this function must be checked as described in the swlist section above.
If the depot does not
exist, swcopy verifies that the user has insert permission on the
target host.
The target agent verifies
that the controller user has insert permission on the target depot.
The target agent verifies
that the controller user has write permission on the target product,
if it already exists.
The source agent verifies
that the target agent system has read permission on the source product.
The source (depot) agent
verifies that the depot is registered. If not, the agent verifies
that the controller user and the target agent system each has insert
permission on the source’s host.
Installing (swinstall)
Any list operations required
to facilitate this function must be checked as described in the swlist section above.
The target agent verifies
that the controller user has insert permission on the target root.
The target agent verifies
that the controller user has write permission on the target root,
if the product already exists.
The source (depot) agent
verifies that the target agent system has read permission on the source
product.
Removal (swremove)
If the object is a product
on a depot, the target agent verifies that the controller user has
write permission on the target product.
If the object is a product
on a root, the target agent verifies that the controller user has
write permission on the target root.
If the object is a depot
or root, or the last product contained in one of these, before removing
the container the target agent must verify that the controller user
has delete permission on the target root or depot.
Configuration (swconfig)
The same permission checks
are made as for the swremove operation above, except that this command
does not apply to depots.
Verify (swverify)
If the object is a product
on a depot, the target agent verifies that the controller user has
read permission on the target product.
If the object is a product
on a root, the target agent verifies that the controller user has
write permission on the target root (since scripts are executed).
Registering Depots (swreg)
To register a new depot,
the target daemon verifies read permission on the depot to be registered
and insert permission on the host.
Changing ACLs (swacl)
To change an ACL, write
permission is required.
To list an ACL, list permission
is required.
Request Scripts (swask)
To query a user and obtain installation information,
interactive control scripts are used.
Modify (swmodify)
To change or add information
to the Installed Products Database (IPD) or depot catalog files, write
permission is required.
Printable version
