Sun Cluster System Administration Guide for Solaris OS

Sun Cluster RBAC Rights Profiles

Sun Cluster Manager and selected Sun Cluster commands and options that you issue at the command line use RBAC for authorization. Sun Cluster commands and options that require RBAC authorization require one or more of the following authorization levels. Sun Cluster RBAC rights profiles apply to both voting and non-voting nodes in a global cluster.

solaris.cluster.read

Authorization for list, show, and other read operations.

solaris.cluster.admin

Authorization to change the state of a cluster object.

solaris.cluster.modify

Authorization to change properties of a cluster object.

For more information about the RBAC authorization required by a Sun Cluster command, see the command man page.

RBAC rights profiles include one or more RBAC authorizations. You can assign these rights profiles to users or to roles to give them different levels of access to Sun Cluster. Sun provides the following rights profiles with Sun Cluster software.


Note – The RBAC rights profiles listed in the following table continue to support the old RBAC authorizations as defined in previous Sun Cluster releases.


| Rights Profile | Includes Authorizations | Role Identity Permission |
|---|---|---|
| Sun Cluster Commands | None, but includes a list of Sun Cluster commands that run with euid=0 | Execute selected Sun Cluster commands that you use to configure and manage a cluster, including the following subcommands for all of the Sun Cluster commands: list, show, status. scha_control(1HA), scha_resource_get(1HA), scha_resource_setstatus(1HA), scha_resourcegroup_get(1HA), scha_resourcetype_get(1HA) |
| Basic Solaris User | This existing Solaris rights profile contains Solaris authorizations, as well as the following: solaris.cluster.read | Perform list, show, and other read operations for Sun Cluster commands, as well as access the Sun Cluster Manager GUI. |
| Cluster Operation | This rights profile is specific to Sun Cluster software and contains the following authorizations: solaris.cluster.read | Perform list, show, export, status, and other read operations, as well as access the Sun Cluster Manager GUI. |
| | solaris.cluster.admin | Change the state of cluster objects. |
| System Administrator | This existing Solaris rights profile contains the same authorizations that the Cluster Management profile contains. | Perform the same operations that the Cluster Management role identity can perform, in addition to other system administration operations. |
| Cluster Management | This rights profile contains the same authorizations that the Cluster Operation profile contains, as well as the following authorization: solaris.cluster.modify | Perform the same operations that the Cluster Operation role identity can perform, as well as change properties of a cluster object. |
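
The mapping in the table can be checked against the accounts on a node. The following added example (not part of the original guide or of Sun Cluster software) resolves which of the three cluster authorization levels each account holds, given text in user_attr(4) and prof_attr(4) layout. The sample entries are constructed from the table, the account names are hypothetical, and modeling Cluster Management as nesting Cluster Operation through profiles= is an assumption.

```python
# Constructed samples in prof_attr(4)/user_attr(4) layout; account names are hypothetical.
PROF_ATTR = """\
Basic Solaris User:::sample:auths=solaris.cluster.read
Cluster Operation:::sample:auths=solaris.cluster.read,solaris.cluster.admin
Cluster Management:::sample:profiles=Cluster Operation;auths=solaris.cluster.modify
"""
USER_ATTR = """\
clusoper::::type=role;profiles=Cluster Operation
alice::::type=normal;roles=clusoper
bob::::type=normal;profiles=Cluster Management
carol::::type=normal;auths=solaris.cluster.*
dave::::type=normal;profiles=Basic Solaris User
"""
LEVELS = ("solaris.cluster.read", "solaris.cluster.admin", "solaris.cluster.modify")
def parse(text):
    """Map entry name -> {key: [values]} from the fifth (attr) field of each line."""
    table = {}
    for fields in (ln.split(":", 4) for ln in text.splitlines() if not ln.startswith("#")):
        if len(fields) == 5:
            pairs = (item.partition("=") for item in fields[4].split(";") if item)
            table[fields[0]] = {k: [v.strip() for v in val.split(",")] for k, _, val in pairs}
    return table

def profile_auths(name, profs, seen):
    """Authorizations of a profile, following nested profiles= without looping."""
    if name in seen or name not in profs:
        return set()
    seen.add(name)
    auths = set(profs[name].get("auths", []))
    for sub in profs[name].get("profiles", []):
        auths |= profile_auths(sub, profs, seen)
    return auths

def account_auths(name, users, profs, follow_roles=True):
    """Direct auths, profile auths, and auths reachable only after assuming a role."""
    entry = users.get(name, {})
    auths = set(entry.get("auths", []))
    for prof in entry.get("profiles", []):
        auths |= profile_auths(prof, profs, set())
    for role in entry.get("roles", []) if follow_roles else []:
        auths |= account_auths(role, users, profs, follow_roles=False)
    return auths

def audit(user_attr=USER_ATTR, prof_attr=PROF_ATTR):
    """Return {account: [cluster levels held]}, honouring trailing-* wildcards."""
    users, profs = parse(user_attr), parse(prof_attr)
    def held(granted, lvl):
        return any(g == lvl or (g.endswith("*") and lvl.startswith(g[:-1])) for g in granted)
    return {n: [lvl.rsplit(".", 1)[1] for lvl in LEVELS
                if held(account_auths(n, users, profs), lvl)] for n in users}
```

Profiles granted to every user through PROFS_GRANTED in /etc/security/policy.conf, and entries served from a naming service, are not read by this example. Review wildcard grants such as the one on `carol` closely, because they confer modify-level access without naming any cluster rights profile.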