This is documentation for Mathematica 6, which was
based on an earlier version of the Wolfram Language.
View current documentation (Version 11.2)

Restricting and Reserving Licenses

Writing a Restriction Script

Restriction scripts can be very useful in managing sitewide installations of Mathematica. They can be used to prevent access to Mathematica by unauthorized users on the network and to guarantee license availability to particular users. Restriction scripts are cross-platform compatible, provide unambiguous control, and require no programming experience to write. The syntax of the restriction scripts is very similar to that of the .htaccess files used in web servers for controlling access to HTML files.
The layout of a typical restriction script is as follows. Sample restriction scripts follow the definitions.

Defining the Terms

1.   AuthName Sample
2.   AuthGroupFile mathlmgroup.txt
3.   order ( allow,deny | deny,allow )
4.  allow from ( all | machines ... )
5.   allow hostgroup machinegroups ...
6.   deny from ( all | machines ... )
7.   deny hostgroup machinegroups ...
8.   allow user ( all | users ... )
9.   allow group usergroups ...
10.   deny user (all | users ... )
11.   deny group usergroups ...
12.   reserve [ count ] from machines ...
13.   reserve [ count ] hostgroup machinegroups ...
14.   reserve [ count ] user users ...
15.   reserve [ count ] group usergroups ...

License Reservations

The reserve directives allow you to guarantee license availability to particular users or machines. It is important to note that reserved licenses are always reserved and are inaccessible to all other users or machines.
In some situations, it may be necessary to reserve unequal numbers of front end and kernel licenses. The reservefe keyword reserves count front end licenses only, while the reservekernel keyword reserves count kernel licenses only. The syntax for reservefe and reservekernel is otherwise identical to the syntax for reserve.

Sample Restriction Scripts

The following examples illustrate key features of restriction scripts.

Scripts without Groups

The following script will deny Mathematica license requests from user1 and hostname1. License requests from all other users and machines will be allowed.
The following script will only allow license requests from users user1 through user5 and from machines in the range of IP addresses from 192.168.2.1 to 192.168.2.12, as well as 192.168.0.1 and 192.168.0.5. License requests from any other users or machines will be denied.

Scripts with Groups

The following script imposes the same restrictions as the preceding script, but the users and machines are specified via groups and hostgroups.
This is the file mathlmgroup1.txt. It defines one machine group and two user groups.

Scripts Demonstrating Default Access State

The following script will allow license requests from all users and all machines except host1. If user1 requests a license while logged on to host1, the request will be allowed. This request matches both rules in this script, but the value of the order directive specifies that the allow directive has precedence. Note that a license request from user2 logged on to host1 would be denied.
The value of the order directive is the only difference between the preceding script and the following script, but the meaning of the script is reversed. This script only allows license requests from user1. A license request from user1 logged on to host1 will be denied. Such a request matches both rules, but the request is denied because the deny rule has precedence.

Scripts with License Reservations

The following script will allow all license requests. It reserves three kernel licenses for 192.168.0.1, and one front end license and one kernel license for user1. These reserved licenses are inaccessible to all other machines or users.
The following script will only allow license requests from user1, user2, hostname1, hostname2, domain1.com, and IP addresses in the range 192.168.1.1 through 192.168.2.9. It reserves three kernel licenses and three front end licenses for hostname2, another three kernel licenses and three front end licenses for the range of IP addresses from 192.168.1.1 to 192.168.2.9, one kernel license and one front end license for user1, and one kernel license and one front end license for user2. In this script, a total of eight front end licenses and eight kernel licenses are reserved.

Scripts with License Reservations and Groups

The following script imposes the same restrictions and reservations as the preceding script, but the users and machines are specified via groups and hostgroups.
This is the file mathlmgroup2.txt. It defines two machine groups and one user group.
Reserved licenses are always reserved. They are inaccessible to all other users or machines, regardless of whether they are in use. Even if none of the specified users or machines are running Mathematica, the license pool for all other users and machines is effectively reduced by the number of reserved licenses.

Using a Restriction Script

To use a restriction script, run MathLM with the option -restrict followed by the pathname of the script. You can give the restriction script any filename (and extension) that you want. See "Launching MathLM" for details about command-line options.
MathLM must be restarted if the restriction script or AuthGroupFile is changed.