Serviceguard Manager Version A.05.01 Release Notes, February 2007
Serviceguard Manager Version A.05.01 Release Notes
Installing and Running Serviceguard Manager
Chapter 1 35
Setting up Serviceguard Manager
Security, Logins, and Access Policies
In version A.11.16.xx, Serviceguard changed its method of controlling
and assigning logins, and roles. Therefore, the way you open
Serviceguard Manager sessions and discover Serviceguard objects is
quite different in versions A.11.16.xx and later than it is in earlier
versions of Serviceguard.
Logins and roles, Version A.11.16.xx and A.11.17.xx: Creating or
modifying configuration still requires Root access (UID=0) on a cluster’s
nodes. Starting in Serviceguard version A.11.16.xx, a root user can
configure clusters and packages using Serviceguard Manager as well as
the command line. If you log in to a Session Server’s COM as root, you
have full access to the cluster and its nodes.
In addition, there are four possible non-root roles that can be defined in
the cluster’s configuration files. These are specified as Access Control
Policies in the cluster and package configuration files. Each Access
Policy has three parts:
• User: A username from the host’s /etc/passwd file
• Host: Where the user will issue the command. For Serviceguard
Manager, this is the Session Server node
• Role: Which commands the user may issue on the cluster where the
policy is configured. There are 4 non-root roles:
— monitor (view, read-only), defined in the cluster configuration
file.
This is the only role that does not require the Host node to have
version A.11.16.xx or A.11.17.xx of Serviceguard.
— (single package) package admin, defined in that package’s
configuration file
— (all cluster packages) package admin, defined in the cluster
configuration file
— full admin (cluster and all of its packages), defined in the cluster
configuration file
For more information about access control policies, see the online help
for Configuring Clusters: Roles.