HP Serviceguard A.11.20- Managing Serviceguard Twentieth Edition, August 2011
A Note about Terminology
Although you will also sometimes see the term role-based access (RBA) in the output of Serviceguard
commands, the preferred set of terms, always used in this manual, is as follows:
• Access-control policies- the set of rules defining user access to the cluster.
◦ Access-control policy - one of these rules, comprising the three parameters USER_NAME,
USER_HOST, USER_ROLE. See “Setting up Access-Control Policies” (page 194).
• Access roles - the set of roles that can be defined for cluster users (Monitor, Package Admin,
Full Admin).
◦ Access role - one of these roles (for example, Monitor).
How Access Roles Work
Serviceguard daemons grant access to Serviceguard commands by matching the command user’s
hostname and username against the access control policies you define. Each user can execute
only the commands allowed by his or her role.
The diagram that shows the access roles and their capabilities. The innermost circle is the most
trusted; the outermost the least. Each role can perform its own functions and the functions in all of
the circles outside it. For example Serviceguard Root can perform its own functions plus all the
functions of Full Admin, Package Admin and Monitor; Full Admin can perform its own functions
plus the functions of Package Admin and Monitor; and so on.
Figure 36 Access Roles
Configuring the Cluster 193