at.allow man page
at.allow, at.deny — determine who can submit jobs via at or batch
The /etc/at.allow and /etc/at.deny files determine which user can submit commands for later execution via at(1) or batch(1).
The format of the files is a list of usernames, one on each line. Whitespace is not permitted.
If the file /etc/at.allow exists, only usernames mentioned in it are allowed to use at.
If /etc/at.allow does not exist, /etc/at.deny is checked, every username not mentioned in it is then allowed to use at.
An empty /etc/at.deny means that every user may use at.
If neither exists, only the superuser is allowed to use at.
at(1), cron(8), crontab(1), atd(8).