sec_check_priv

Determine whether a user name has the permission required to run a menu command.

Syntax

sec_check_priv(user_name, permission, [time_out])

Parameter

Parameter	Definition
user_name	user name that runs a menu command
permission	permission required to run a menu command Valid Values See PATROL permissions.
time_out	integer specifying a time limit (in seconds) for sec_check_priv() to return a value Entering a 0 fortime_out gives sec_check_priv() an infinite amount of time to return a value. Valid Values 0 ≤ seconds < ∞ Default 300

Description

The sec_check_priv() function determines whether the user name that runs a menu command has the proper permission to proceed. If the user name has the permission, the function returns a 1, else it returns 0.

BMC supports running sec_check_priv() from only a menu command. If you run it from another location, sec_check_priv() can return a 1 when the user name does not have the permission.

If sec_check_priv() cannot determine whether the user name has the permission, it returns a 1 instead of possibly denying access to a user name that has the proper permission. Usually sec_check_priv() cannot determine the permission when the time_out period expires.

Note

If sec_check_priv() encounters an error, it returns a 1 but does not change the value of the errno variable.

The following table shows a representative sample of PATROL permissions that you can use as the permission parameter. For a complete list of these permissions, see the ac_cs_default.mof file.

PATROL Permissions

Permission Type	Permissions
PATROL Agent Permissions	BMC_PRIV_PATROL_AGENT_LOAD_KM BMC_PRIV_PATROL_AGENT_UNLOAD_KM BMC_PRIV_PATROL_AGENT_SHUTDOWN BMC_PRIV_PATROL_AGENT_RUN_COMMANDS BMC_PRIV_PATROL_AGENT_RUN_PRIV_COMMANDS BMC_PRIV_PATROL_AGENT_RUN_ADMIN_COMMANDS BMC_PRIV_PATROL_AGENT_USE_COMMAND_SHELL BMC_PRIV_PATROL_AGENT_BLACKOUT BMC_PRIV_PATROL_AGENT_SCHEDULE_JOB BMC_PRIV_PATROL_AGENT_ACTIVATE BMC_PRIV_PATROL_AGENT_DEACTIVATE BMC_PRIV_PATROL_AGENT_OVERWRIDE
PATROL End-to-End Response Timer Permissions	BMC_PRIV_PATROL_ETE_VIEW BMC_PRIV_PATROL_ETE_ADMIN

Permission Type

Permissions

PATROL Agent Permissions

BMC_PRIV_PATROL_AGENT_LOAD_KM
BMC_PRIV_PATROL_AGENT_UNLOAD_KM
BMC_PRIV_PATROL_AGENT_SHUTDOWN
BMC_PRIV_PATROL_AGENT_RUN_COMMANDS
BMC_PRIV_PATROL_AGENT_RUN_PRIV_COMMANDS
BMC_PRIV_PATROL_AGENT_RUN_ADMIN_COMMANDS
BMC_PRIV_PATROL_AGENT_USE_COMMAND_SHELL
BMC_PRIV_PATROL_AGENT_BLACKOUT
BMC_PRIV_PATROL_AGENT_SCHEDULE_JOB
BMC_PRIV_PATROL_AGENT_ACTIVATE
BMC_PRIV_PATROL_AGENT_DEACTIVATE
BMC_PRIV_PATROL_AGENT_OVERWRIDE

PATROL End-to-End Response Timer Permissions

BMC_PRIV_PATROL_ETE_VIEW
BMC_PRIV_PATROL_ETE_ADMIN

Example

The following example demonstrates the sec_check_priv() function:

if (sec_check_priv("jsmith", "BMC_PRIV_PATROL_AGENT_SHUTDOWN", 600)) {
# Insert procedure to shutdown agent.
print("PATROL Agent was successfully shutdown.");
}
else {
print("Permission denied.");
}

The previous example has the following output:

PATROL Agent was successfully shutdown.