sec_check_priv

Determine whether a user name has the permission required to run a menu command.

Syntax

sec_check_priv(user_name, permission, [time_out])

Parameter

Parameter

Definition

user_name

user name that runs a menu command

permission

permission required to run a menu command

*Valid Values* 
See PATROL permissions.

time_out

integer specifying a time limit (in seconds) for sec_check_priv() to return a value Entering a 0 fortime_out gives sec_check_priv() an infinite amount of time to return a value. 

Valid Values 
0 ≤ seconds < ∞

 Default 
300

Description

The sec_check_priv() function determines whether the user name that runs a menu command has the proper permission to proceed. If the user name has the permission, the function returns a 1, else it returns 0. 

BMC supports running sec_check_priv() from only a menu command. If you run it from another location, sec_check_priv() can return a 1 when the user name does not have the permission.

If sec_check_priv() cannot determine whether the user name has the permission, it returns a 1 instead of possibly denying access to a user name that has the proper permission. Usually sec_check_priv() cannot determine the permission when the time_out period expires or when the PATROL Agent cannot connect to an RT server or console server. 

Note

 If sec_check_priv() encounters an error, it returns a 1 but does not change the value of the errno variable.

The following table shows a representative sample of PATROL permissions that you can use as the permission parameter. For a complete list of these permissions, see the ac_cs_default.mof file. For more information about the ac_cs_default.mof file, see the PATROL Console Server User Guide. 

 

PATROL Permissions 

Permission Type

Permissions

PATROL Agent Permissions

BMC_PRIV_PATROL_AGENT_LOAD_KM 
BMC_PRIV_PATROL_AGENT_UNLOAD_KM 
BMC_PRIV_PATROL_AGENT_SHUTDOWN 
BMC_PRIV_PATROL_AGENT_RUN_COMMANDS 
BMC_PRIV_PATROL_AGENT_RUN_PRIV_COMMANDS 
BMC_PRIV_PATROL_AGENT_RUN_ADMIN_COMMANDS 
BMC_PRIV_PATROL_AGENT_USE_COMMAND_SHELL 
BMC_PRIV_PATROL_AGENT_BLACKOUT 
BMC_PRIV_PATROL_AGENT_SCHEDULE_JOB 
BMC_PRIV_PATROL_AGENT_ACTIVATE 
BMC_PRIV_PATROL_AGENT_DEACTIVATE 
BMC_PRIV_PATROL_AGENT_OVERWRIDE

PATROL Console Server Permissions

BMC_PRIV_PATROL_CSERVER_HANDLE_AGENT 
BMC_PRIV_PATROL_CSERVER_HANDLE_KM 
BMC_PRIV_PATROL_CSERVER_HANDLE_LAYOUT_DB 
BMC_PRIV_PATROL_CSERVER_HANDLE_EVENT_FILTER 
BMC_PRIV_PATROL_CSERVER_EXECUTE_EVENT_QUERY 
BMC_PRIV_PATROL_CSERVER_ACKNOWLEDGE_EVENT 
BMC_PRIV_PATROL_CSERVER_CLOSE_EVENT 
BMC_PRIV_PATROL_CSERVER_DELETE_EVENT 
BMC_PRIV_PATROL_CSERVER_HANDLE_AGENT_QUERY_FILTER
BMC_PRIV_PATROL_CSERVER_EXECUTE_AGENT_QUERY 
BMC_PRIV_PATROL_CSERVER_OVERRIDE_KM_OBJECTS 
BMC_PRIV_PATROL_CSERVER_RUN_KM_COMMAND 
BMC_PRIV_PATROL_CSERVER_VIEW_SYSTEM_OUTPUT 
BMC_PRIV_PATROL_CSERVER_RUN_SYSTEM_COMMAND 
BMC_PRIV_PATROL_CSERVER_HANDLE_ACTION 
BMC_PRIV_PATROL_CSERVER_TRIGGER_KM_EXECUTION 
BMC_PRIV_PATROL_CSERVER_ARRANGE_VIEW 
BMC_PRIV_PATROL_CSERVER_CLEAR_HISTORY 
BMC_PRIV_PATROL_CSERVER_FORCE_CLOSE

PATROL Central - Windows Edition Permissions

BMC_PRIV_PATROL_BMCIC_LOAD_KM_IDE 
BMC_PRIV_PATROL_BMCIC_LOAD_OPERATOR_CONSOLE 
BMC_PRIV_PATROL_BMCIC_LOAD_INVESTIGATE_CONSOLE 
BMC_PRIV_PATROL_BMCIC_LOAD_SECURITY_GUI

PATROL Central - Web Edition Permissions

BMC_PRIV_PATROL_PWC_CORE_VIEW 
BMC_PRIV_PATROL_PWC_CORE_ADMIN 
BMC_PRIV_PATROL_PWC_OPERATOR_VIEW 
BMC_PRIV_PATROL_PWC_CV_VIEW 
BMC_PRIV_PATROL_PWC_CV_EDIT 
BMC_PRIV_PATROL_PWC_CORE_VIEW 
BMC_PRIV_PATROL_PWC_CORE_ADMIN 
BMC_PRIV_PATROL_PWC_OPERATOR_VIEW 
BMC_PRIV_PATROL_PWC_CV_VIEW 
BMC_PRIV_PATROL_PWC_CV_EDIT

PATROL End-to-End Response Timer Permissions

BMC_PRIV_PATROL_ETE_VIEW 
BMC_PRIV_PATROL_ETE_ADMIN

PATROL Event Manager Permissions

BMC_PRIV_PATROL_PEM_OPER 
BMC_PRIV_PATROL_PEM_BUILDER 
BMC_PRIV_PATROL_PEM_SOURCE

Example

The following example demonstrates the sec_check_priv() function:

 

if (sec_check_priv("jsmith", "BMC_PRIV_PATROL_AGENT_SHUTDOWN", 600)) {
# Insert procedure to shutdown agent.
print("PATROL Agent was successfully shutdown.");
}
else {
print("Permission denied.");
}

The previous example has the following output:

 

PATROL Agent was successfully shutdown.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*