Managing HP Serviceguard for Linux, Tenth Edition, September 2012
Controlling Access to the Cluster
Serviceguard access-control policies define cluster users’ administrative or monitoring
capabilities.
A Note about Terminology
Although you will also sometimes see the term role-based access (RBA) in the output of
Serviceguard commands, the preferred set of terms, always used in this manual, is as
follows:
• Access-control policies - the set of rules defining user access to the cluster.
◦ Access-control policy - one of these rules, comprising the three parameters
USER_NAME, USER_HOST, USER_ROLE. See “Setting up Access-Control Policies”
(page 188).
• Access roles - the set of roles that can be defined for cluster users (Monitor, Package
Admin, Full Admin).
◦ Access role - one of these roles (for example, Monitor).
How Access Roles Work
Serviceguard daemons grant access to Serviceguard commands by matching the
command user’s hostname and username against the access control policies you define.
Each user can execute only the commands allowed by his or her role.
The diagram shows the access roles and their capabilities. The innermost circle is
the most trusted; the outermost the least. Each role can perform its own functions and the
functions in all of the circles outside it. For example, Serviceguard Root can perform its
own functions plus all the functions of Full Admin, Package Admin and Monitor; Full
Admin can perform its own functions plus the functions of Package Admin and Monitor;
and so on.
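The matching and nesting described above can be modeled in a short audit script. This is an added example, not Serviceguard code. It assumes one value per parameter, that the most trusted matching policy wins, and the wildcard keywords ANY_USER, ANY_SERVICEGUARD_NODE and CLUSTER_MEMBER_NODE, which do not appear on this page. The user names, node names and function names are constructed.

```python
import re

# Outermost (least trusted) to innermost; each role includes the ones before it.
# Serviceguard Root sits inside all three and is not assigned by a policy here.
ROLE_ORDER = ["MONITOR", "PACKAGE_ADMIN", "FULL_ADMIN"]
RANK = {role: i for i, role in enumerate(ROLE_ORDER)}
# Wildcard keywords: assumed from Serviceguard's documentation, not from this page.
ANY_USER, ANY_NODE, MEMBER_NODE = "ANY_USER", "ANY_SERVICEGUARD_NODE", "CLUSTER_MEMBER_NODE"

# Constructed sample: three policies, one value per parameter (a simplification).
SAMPLE_CONFIG = """\
USER_NAME alice
USER_HOST node1
USER_ROLE FULL_ADMIN
USER_NAME ANY_USER
USER_HOST CLUSTER_MEMBER_NODE
USER_ROLE MONITOR
USER_NAME bob
USER_HOST node2
USER_ROLE PACKAGE_ADMIN
"""

def parse_policies(text):
    """Group USER_NAME / USER_HOST / USER_ROLE lines into one dict per policy."""
    policies, current = [], {}
    pattern = r"^\s*(USER_NAME|USER_HOST|USER_ROLE)\s+(\S+)\s*$"
    for key, value in re.findall(pattern, text, re.M):
        current[key] = value
        if key == "USER_ROLE":  # the role line closes a policy
            if len(current) != 3 or value not in RANK:
                raise ValueError(f"incomplete or unknown policy: {current}")
            policies.append(current)
            current = {}
    return policies

def effective_role(policies, user, host, cluster_nodes):
    """Most trusted role granted by any policy matching user and host, or None."""
    best = None
    for p in policies:
        user_ok = p["USER_NAME"] in (ANY_USER, user)
        host_ok = (p["USER_HOST"] in (ANY_NODE, host)
                   or (p["USER_HOST"] == MEMBER_NODE and host in cluster_nodes))
        if user_ok and host_ok and (best is None or RANK[p["USER_ROLE"]] > RANK[best]):
            best = p["USER_ROLE"]
    return best

def is_allowed(policies, user, host, required_role, cluster_nodes):
    """True if the user's effective role is required_role or a circle inside it."""
    role = effective_role(policies, user, host, cluster_nodes)
    return role is not None and RANK[role] >= RANK[required_role]
```

Running `effective_role` for each known account and node makes it easy to spot a wildcard policy that grants more than intended.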