Serviceguard Version A.11.16 Release Notes, 2nd Edition, September 2004

What’s in this Version
Access Control Policies
Non-root access to Serviceguard is now defined in the cluster and
package configuration files, in a parameter called Access Control Policy.
You can have up to 200 policies in a cluster. Policies can be added,
modified, or deleted from the configuration without halting the cluster or
the package. Conflicting or redundant policies will cause an error at
cmapplyconf, and the configuration change will fail.
Each policy has three parts:

USER_NAME
    This can be any user that is defined in the USER_HOST’s /etc/passwd
    file.

USER_HOST
    This is the node where the user will log in to issue commands (not
    necessarily the node where the commands take effect).

USER_ROLE
    This is the role, or capabilities granted to the user:

    Monitor: The user can view the cluster objects (read-only). It is
    defined in the cluster configuration file.
        On the command line, users can issue cmviewcl, cmgetconf,
        cmviewconf, and cmquerycl.
        In the graphical user interface, this user can see information
        about the Serviceguard cluster on the map and tree, and in the
        Properties.

    Package Admin: Includes Monitor privileges. The user can issue
    commands to administer the package.
        On the command line, users can issue: cmrunpkg, cmhaltpkg,
        and cmmodpkg.
        In the graphical user interface, these menu choices are offered:
        run or halt a package, move a package from one node to another,
        and change the node- and package-switching flags.
        If defined in a package configuration file, the user can
        administer that specific package.
        If defined in a cluster configuration file, the user can
        administer all packages in the cluster.
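
A pre-check for the 200-policy limit and the conflicting-or-redundant rule described above, as an added example (not HP's code, and not how cmapplyconf itself decides). It assumes each policy is written as three keyword/value lines, that the roles are spelled MONITOR and PACKAGE_ADMIN, and that "conflicting" means one user and host given different roles while "redundant" means an exact repeat; the release notes do not define these.

```python
import re

MAX_POLICIES = 200  # per-cluster limit stated in the release notes
KEYS = ("USER_NAME", "USER_HOST", "USER_ROLE")

# Constructed sample; users, nodes and role spellings are assumptions.
SAMPLE = """\
USER_NAME alice
USER_HOST node1
USER_ROLE MONITOR
USER_NAME bob
USER_HOST node2
USER_ROLE PACKAGE_ADMIN
USER_NAME alice
USER_HOST node1
USER_ROLE PACKAGE_ADMIN   # second role for alice on node1
USER_NAME bob
USER_HOST node2
USER_ROLE PACKAGE_ADMIN   # exact repeat of bob on node2
"""

def parse_policies(text):
    """Collect (name, host, role) triples; other parameters are ignored."""
    policies, current = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"(\w+)\s+(\S+)$", raw.split("#", 1)[0].strip())
        if not m or m.group(1) not in KEYS:
            continue
        key, value = m.groups()
        if key in current:
            raise ValueError(f"line {lineno}: {key} repeated inside one policy")
        current[key] = value
        if len(current) == len(KEYS):
            policies.append(tuple(current[k] for k in KEYS))
            current = {}
    if current:
        raise ValueError("incomplete policy at end of input")
    return policies

def lint(policies):
    """Flag exact repeats (redundant) and differing roles per user/host (conflict)."""
    findings, seen = [], {}
    if len(policies) > MAX_POLICIES:
        findings.append(("too_many", len(policies)))
    for name, host, role in policies:
        prev = seen.get((name, host))
        if prev is None:
            seen[(name, host)] = role
        else:
            kind = "redundant" if prev == role else "conflict"
            findings.append((kind, name, host, role))
    return findings
```

Running lint(parse_policies(...)) on a draft configuration file before cmapplyconf surfaces the entries a reviewer should reconcile, including a user who would silently hold a broader role than intended.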