The /etc/at.allow and /etc/at.deny files are used to determine user access to at. If the /etc/at.allow file exists, only users listed in the /etc/at.allow file are allowed to use cron. Even if root is not listed in /etc/at.allow, root is still allowed to use at.
[root@server1 ~]# cat /etc/at.allow root
In this example, only root is allowed. If user1 attempts to user at, an error appears.
[user1@server1 ~]# at 1:00 PM 2016-01-01 < example.sh You do not have permission to use at.
If both the /etc/at.allow and /etc/at.deny files exists, the /etc/at.deny file is ignored. For this reason, there is no point in using the /etc/at.deny file is the /etc/at.allow file exists. If only the /etc/at.deny file exists, the /etc/at.deny file is used.