The /etc/cron.allow and /etc/cron.deny files are used to determine user access to cron. If the /etc/cron.allow file exists, only users listed in the /etc/cron.allow file are allowed to use cron. Even if root is not listed in /etc/cron.allow, root is still allowed to use cron.

[root@server1 ~]# cat /etc/cron.allow
root

In this example, only root is allowed. If user1 attempts to user cron, an error appears.

[user1@server1 ~]# crontab -e
You (user1) are not allowed to use this program (crontab)
See crontab(1) for more information

If both the /etc/cron.allow and /etc/cron.deny files exists, the /etc/cron.deny file is ignored. For this reason, there is no point in using the /etc/cron.deny file is the /etc/cron.allow file exists. If only the /etc/cron.deny file exists, the /etc/cron.deny file is used.