Sun Cluster Geographic Edition System Administration Guide

Sun Cluster Geographic Edition Software and RBAC

This section describes role-based access control (RBAC) in Sun Cluster Geographic Edition software. It contains the following sections:

Setting Up and Using RBAC

Sun Cluster Geographic Edition software bases its RBAC profiles on the RBAC rights profiles that are used in the Sun Cluster software. For general information about setting up and using RBAC with Sun Cluster software, refer to Chapter 2, Sun Cluster and RBAC, in Sun Cluster System Administration Guide for Solaris OS.

Sun Cluster Geographic Edition software adds the following new RBAC entities to the appropriate file in the /etc/security directory:


Note –

The default search order for the auth_attr and prof_attr databases is files nis, which is defined in the /etc/nsswitch.conf file. If you have customized the search order in your environment, confirm that files is in the search list. Including files in the search list enables your system to find the RBAC entries that Sun Cluster Geographic Edition defined.
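The check that the note asks for, as an added example that is not part of the original guide: it confirms that files appears in the auth_attr and prof_attr search order and that the authorizations and the Geo Management profile named in this section are present in the local files. The function names and sample data are constructed for illustration, and the /etc/security/auth_attr and /etc/security/prof_attr paths are assumed to be the standard Solaris locations.

```shell
# files_in_order DB CONF -> 0: DB's entry lists "files"; 1: entry exists
# without "files"; 2: DB has no entry in CONF (review by hand).
files_in_order() {
    awk -v db="$1" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments; split "db:src"
        $1 == (db ":") {
            seen = 1
            for (i = 2; i <= NF; i++) if ($i == "files") ok = 1
        }
        END { exit (ok ? 0 : (seen ? 1 : 2)) }
    ' "$2"
}

# has_key KEY FILE: succeed if a colon-separated record in FILE is named KEY.
has_key() {
    awk -F: -v k="$1" '$1 == k { f = 1 } END { exit !f }' "$2"
}

# audit_rbac CONF AUTH_ATTR PROF_ATTR: print findings, return how many.
audit_rbac() {
    n=0
    for db in auth_attr prof_attr; do
        rc=0; files_in_order "$db" "$1" || rc=$?
        case $rc in
            1) echo "$db: files is not in the search order"; n=$((n + 1)) ;;
            2) echo "$db: no entry in $1, review by hand"; n=$((n + 1)) ;;
        esac
    done
    for a in solaris.cluster.geo.read solaris.cluster.geo.admin \
             solaris.cluster.geo.modify; do
        has_key "$a" "$2" || { echo "authorization not in $2: $a"; n=$((n + 1)); }
    done
    has_key "Geo Management" "$3" ||
        { echo "profile not in $3: Geo Management"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample files (not from a real node): prof_attr was customized
# to LDAP only, and solaris.cluster.geo.modify is absent from auth_attr.
make_sample() {
    printf 'auth_attr:  files nis\nprof_attr:  ldap  # customized\n' > "$1/nsswitch.conf"
    printf '%s:::constructed::\n' solaris.cluster.geo.read solaris.cluster.geo.admin > "$1/auth_attr"
    printf 'Geo Management:::constructed:\n' > "$1/prof_attr"
}

# On a node (standard Solaris paths, assumed here):
#   audit_rbac /etc/nsswitch.conf /etc/security/auth_attr /etc/security/prof_attr
```

On Solaris releases where /bin/sh is the legacy Bourne shell and /usr/bin/awk is the old awk, run the functions under ksh or /usr/xpg4/bin/sh with nawk or /usr/xpg4/bin/awk first in PATH, because the script uses POSIX arithmetic and awk's -v and sub().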


RBAC Rights Profiles

The Sun Cluster Geographic Edition CLI and GUI use RBAC rights to control end-user access to operations. The general conventions for these rights are described in Table 4–1.

Table 4–1 Sun Cluster Geographic Edition RBAC Rights Profiles

Rights Profile       Included Authorizations       Role Identity Permission
-------------------  ----------------------------  ---------------------------------------------------------------------------------
Geo Management       solaris.cluster.geo.read      Read information about the Sun Cluster Geographic Edition entities
                     solaris.cluster.geo.admin     Perform administrative tasks with the Sun Cluster Geographic Edition software
                     solaris.cluster.geo.modify    Modify the configuration of the Sun Cluster Geographic Edition software
Basic Solaris User   Solaris authorizations        Perform the same operations that the Basic Solaris User role identity can perform
                     solaris.cluster.geo.read      Read information about the Sun Cluster Geographic Edition entities

Modifying a User's RBAC Properties

To modify the RBAC rights for a user, you must be logged in as the root user or assume a role that is assigned the Primary Administrator rights profile.

For example, you can assign the Geo Management RBAC profile to the user admin as follows:


# usermod -P "Geo Management" admin
# profiles admin
Geo Management
Basic Solaris User
#

For more information about how to modify the RBAC properties for a user, refer to Chapter 2, Sun Cluster and RBAC, in Sun Cluster System Administration Guide for Solaris OS.