Job-level enforcement provides tight user control. Users are required to have both the daemon-level and job-level permissions. For example, to execute a job, the user must have both the daemon-level execute privilege and the job-level execute privilege for the specific job to be executed. This makes permission management very powerful, but requires additional work to maintain. Job-level enforcement is recommended in the following cases:
- Mixture of power users and weak users. Not all users are completely trusted.
- Need to isolate specific work. Users should have access to some jobs, but not all jobs.
- Need for job ownership. User needs to create own jobs and then determine if others can access them.