Restricted Mode Capabilities (Sun N1 System Manager 1.3 Discovery and Administration Guide)

Sun N1 System Manager 1.3 Discovery and Administration Guide

Restricted Mode Capabilities

If your data center configuration does not allow the N1 System Manager to connect to both the management network and the provisioning network, the N1 System Manager operates in restricted mode.

The restricted mode is related to the privileges associated with the role of N1 System Manager users. Depending on how the N1 System Manager is configured, the administrator should assign the appropriate restricted mode role to users.

If the N1 System Manager is configured so that it only has access to the provisioning network, the administrator should assign only the ProvAdmin restricted mode role to non-root users.
If the N1 System Manager is configured so that it only has access to the management network, the administrator should assign only the MgmtAdmin restricted mode role to non-root users.

When the N1 System Manager is operating in restricted mode, users should be assigned only those privileges associated with the ProvAdmin or MgmtAdmin restricted mode roles, depending on the configuration. The ProvAdmin and MgmtAdmin restricted mode roles have been created specifically for the N1 System Manager's restricted mode of operation. It is possible to delete or modify the ProvAdmin and MgmtAdmin roles. Any custom roles you create should conform to the privilege set included in the ProvAdmin and MgmtAdmin roles, for stable performance of the product in restricted mode.

For information about roles, see Introduction to User Security.

Some N1 System Manager functions are not available based on whether your restricted mode installation has access to a management network only, or a provisioning network only. The following table lists all the commands that are valid for each restricted installation mode. If your installation provides only a management network, then only those items marked X in the management network column are available in the restricted mode. If you have only a provisioning network, then only those items marked X in the provisioning network column are available in the restricted installation mode.

Table 4–2 Restricted Mode Command Map


Command	Management Network	Provisioning Network
`add group`	X	X
`add osprofile`	-	X
`add server feature`	-	X
`add role`	X	X
`add user`	X	X
`connect`	X	-
`create firmware`	X	-
`create group`	X	X
`create notification`	X	X
`create os`	-	X
`create osprofile`	-	X
`create update`	-	X
`create role`	X	X
`delete firmware`	X	-
`delete group`	X	X
`delete job`	X	X
`delete notification`	X	X
`delete os`	-	X
`delete osprofile`	-	X
`delete server`	X	X
`delete update`	-	X
`discover`	X	X
`exit`	X	X
`help`	X	X
`load server firmware`	X	-
`load group firmware`	X	-
`load server osprofile`	-	X
`load group osprofile`	-	X
`load server update`	-	X
`load group update`	-	X
`remove group`	X	X
`remove osprofile`	-	X
`remove server`	X	X
`reset`	X	X
`set firmware`	X	-
`set group`	X	X
`set notification`	X	X
`set os`	-	X
`set osprofile`	-	X
`set role`	X	X
`set server agent SSH`	-	X
`set server SSH`	X	-
`set server filesystem threshold`	-	X
`set server IP`	X	-
`set server IPMI`	X	-
`set server locator`	X	-
`set server monitored`	X	X
`set server`	X	X
`set server name`	X	X
`set server note`	X	X
`set server refresh`	X	X
`set session`	X	X
`set user`	X	X
`show firmware`	X	X
`show os`	-	X
`show osprofile`	-	X
`show update`	-	X
`show group`	X	X
`show job`	X	X
`show log`	X	X
`show privilege`	X	X
`show notification`	X	X
`show role`	X	X
`show server`	X	X
`show session`	X	X
`show user`	X	X
`start group command`	-	X
`start server command`	-	X
`start group`	X	-
`start server`	X	-
`stop job`	X	X
`stop notification`	X	X
`unload server`	-	X
`unload group`	-	X