Job groups

To create more job groups, use the streamtool mkjobgroup command or the Streams Console. The job group name must satisfy the following requirements:

• The name must be unique among the job groups that are defined by you within the instance.
• The name must contain alphanumeric characters. You cannot use the following alphanumeric characters: ^!#$%&'*+,/;<>=?@[]`{|}~() You also cannot use the following Unicode and hexadecimal characters: u0000; u0001-u001F; u007F-u009F; ud800-uF8FF; uFFF0-uFFFF; x{10000}-x{10FFFF}.
• The maximum length for the name is 255 bytes.

The initial permissions for a new job group are set by the default: permissions for the jobs security object for an instance. The following example shows the default: permissions for the jobs security object for instance1:

$ streamtool getacl -d domain3 -i instance1 jobs
# object: jobs
# parent: instance
# owner: nobody
# persistent: yes
...
default:user:owner:rwsado
default:user:streamsadmin:rwsado
default:role:InstanceUser:---a--
default:role:DomainAdministrator:rwsado
default:role:InstanceAdministrator:rwsado

A new job group has the following permissions:

$ streamtool mkjobgroup -d domain3 -i instance1 -U jobuser groupA
CDISC0170I The following job group was created: groupA. 
The job group was created for the instance1 instance in the domain3 domain.
$ streamtool  getacl  -d smd3 -i instance1 jobgroup_groupA
# object: jobgroup_groupA
# parent: jobs
# owner: joeuser
# persistent: yes
user:owner:rwsado
user:joeuser:rwsado
role:InstanceUser:---a--
role:DomainAdministrator:rwsado
role:InstanceAdministrator:rwsado

When you create a job group, you can set the initial permissions by changing the default: permissions on the jobs security object. The following example shows how to set the delete permission as a default for new job groups:

streamtool setacl -d smd3 -i instance1 default:role:InstanceUser+d jobs
CDISC0019I The access control list for the instance1 instance in the smd3 domain was updated.

You can set the permissions for job groups in the Teracloud® Streams access control list (ACL). For example, use the streamtool grantjobpermission and streamtool revokejobpermission commands to set the following permissions for users, groups, or roles:

ALL

This privilege is equivalent to having add, read, write, search, delete, and own authority for the jobgroup_name instance object.

DATAREAD

Receive data from the jobs in the job group. This privilege is equivalent to having read authority for the jobgroup_name instance object.

DATAWRITE

Send data to the jobs in the job group. This privilege is equivalent to having write authority for the jobgroup_name instance object.

JOBCONTROL

Submit new jobs or stop jobs in the job group. This privilege is equivalent to having add and delete authority for the jobgroup_name instance object.

OWN

Change the permissions of the jobs in the job group. This privilege is equivalent to having own authority for the jobgroup_name instance object.

SUBMIT

Submit new jobs in the job group. This privilege is equivalent to having add authority for the jobgroup_name instance object.

streamtool grantjobpermission -d StreamsDomain -i StreamsInstance -J default user:Alice:DATAWRITE

The following example shows how an administrator can change the permissions for the job group to allow any jobs that are submitted by the user Bob to import data from any other jobs that are created in the Teracloud® Streams instance:

streamtool grantjobpermission -d StreamsDomain -i StreamsInstance -J default user:Bob:DATAREAD