Managing Serviceguard 11th Edition, Version A.11.16, Second Printing June 2004

Building an HA Cluster Configuration

Preparing Your Systems

Chapter 5 185

Access Roles

Serviceguard has two levels of access:

• Root Access: Users who have been authorized for root access have

total control over the configuration of the cluster and packages.

• Non-root Access: Non-root users can be assigned one of four roles:

— Monitor: These users have read-only access to the cluster and its

packages. Command line users can issue these commands:

cmviewcl, cmquerycl, cmgetconf, and cmviewconf.

Serviceguard Manager users can see status and configuration

information on the map, tree and properties.

— (one) Package Admin: Applies only to a specific package. On the

command line, these users can issue the commands for the

specified package: cmrunpkg, cmhaltpkg, cmmodnet, cmrunserv,

cmhaltserv, cmstartres, cmstopres, and cmmodpkg.

Serviceguard Manager users can see these Admin menu options

for their specific package: Run Package, Halt Package, Move

Package, and Enable or Disable Switching. Package admins

can not configure or create packages. Package Admin includes

the privledges of the Monitor role.

— (all) Package Admin: Applies to all packages in the cluster. The

commands are the same as the role above. Package Admin

includes the privledges of the Monitor role.

— Full Admin: These users can administer the cluster. On the

command line, these users can issue these commands in their

cluster: cmruncl, cmhaltcl, cmrunnode, and cmhaltnode. Full

Admins can not configure or create a cluster. In the Serviceguard

Manager, they can see the Admin menu for their cluster and any

packages in their cluster. Full Admin includes the privledges of

the Package Admin role.

If you upgrade a cluster to Version 11.16, the cmclnodelist entries are

automatically updated into Access Control Policies in the cluster

configuration file. All non-root user-hostname pairs will be given the role

of Monitor (view only).