Managing Serviceguard 13th Edition, February 2007

ManualsBrandsHP ManualsSoftwareHP Serviceguard Software

191

192

193

194

195

196

197

198

199

200

Building an HA Cluster Configuration

Preparing Your Systems

Chapter 5192

Access Roles

Serviceguard access control policies define what a user on a remote node

can do on the local node. Serviceguard recognizes two levels of access,

root and non-root:

• Root Access: Users authorized for root access have total control over

the configuration of the cluster and packages. These users have full

operating-system-level root privileges for the node, the same

privileges as the local root user.

• Non-root Access: Non-root users can be assigned one of four roles:

— Monitor: These users have read-only access to the cluster and its

packages. On the command line, these users can issue these

commands: cmviewcl, cmquerycl, cmgetconf, and cmviewconf.

Serviceguard Manager users can see status and configuration

information on the map, tree and properties.

— (single-package) Package Admin: Applies only to a specific

package. (This is the only access role defined in the package

configuration file; the others are defined in the cluster

configuration.) On the command line, these users can issue the

commands for the specified package: cmrunpkg, cmhaltpkg, and

cmmodpkg. Serviceguard Manager users can see these Admin

menu options for the specific package: Run Package, Halt

Package, Move Package, and Enable or Disable Switching.

Package Admins can not configure or create packages. Package

Admin includes the privileges of the Monitor role.

— (all-packages) Package Admin: Applies to all packages in the

cluster and so is defined in the cluster configuration. The

commands are the same as the role above. Package Admin

includes the privileges of the Monitor role.

— Full Admin: These users can administer the cluster. On the

command line, these users can issue these commands in their

cluster: cmruncl, cmhaltcl, cmrunnode, and cmhaltnode. Full

Admins can not configure or create a cluster. In Serviceguard

Manager, they can see the Admin menu for their cluster and any

packages in their cluster. Full Admin includes the privileges of

the Package Admin role.