Manualshelf

Managing Serviceguard Eighteenth Edition, September 2010

ManualsBrandsHP ManualsSoftwareHP Serviceguard Quorum Software
251252253254255256257258259260
A Note about Terminology
Although you will also sometimes see the term role-based access (RBA) in the output
of Serviceguard commands, the preferred set of terms, always used in this manual, is
as follows:
Access-control policies- the set of rules defining user access to the cluster.
Access-control policy - one of these rules, comprising the three parameters
USER_NAME, USER_HOST, USER_ROLE. See “Setting up Access-Control
Policies” (page 254).
Access roles - the set of roles that can be defined for cluster users (Monitor, Package
Admin, Full Admin).
Access role - one of these roles (for example, Monitor).
How Access Roles Work
Serviceguard daemons grant access to Serviceguard commands by matching the
command users hostname and username against the access control policies you define.
Each user can execute only the commands allowed by his or her role.
The diagram that shows the access roles and their capabilities. The innermost circle is
the most trusted; the outermost the least. Each role can perform its own functions and
the functions in all of the circles outside it. For example Serviceguard Root can perform
its own functions plus all the functions of Full Admin, Package Admin and Monitor;
Full Admin can perform its own functions plus the functions of Package Admin and
Monitor; and so on.
252 Building an HA Cluster Configuration