| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Solaris Cluster System Administration Guide Oracle Solaris Cluster 3.3 3/13 |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Oracle Solaris Cluster System Administration Guide Oracle Solaris Cluster 3.3 3/13 |
1. Introduction to Administering Oracle Solaris Cluster
2. Oracle Solaris Cluster and RBAC
Setting Up and Using RBAC With Oracle Solaris Cluster
Oracle Solaris Cluster RBAC Rights Profiles
Creating and Assigning an RBAC Role With an Oracle Solaris Cluster Management Rights Profile
How to Create a Role by Using the Administrative Roles Tool
How to Create a Role From the Command Line
Modifying a User's RBAC Properties
How to Modify a User's RBAC Properties by Using the User Accounts Tool
How to Modify a User's RBAC Properties From the Command Line
3. Shutting Down and Booting a Cluster
4. Data Replication Approaches
5. Administering Global Devices, Disk-Path Monitoring, and Cluster File Systems
7. Administering Cluster Interconnects and Public Networks
10. Configuring Control of CPU Usage
11. Patching Oracle Solaris Cluster Software and Firmware
12. Backing Up and Restoring a Cluster
13. Administering Oracle Solaris Cluster With the Graphical User Interfaces
You can modify a user's RBAC properties by using either the user accounts tool or the command line. To modify a user's RBAC properties, choose one of the following procedures.
How to Modify a User's RBAC Properties by Using the User Accounts Tool
How to Modify a User's RBAC Properties From the Command Line
Before You Begin
To modify a user's properties, you must run the User Tool Collection as root user or assume a role that has the primary administrator rights profile assigned to it.
To run the user accounts tool, start the Solaris Management Console, as described in How to Assume a Role in the Solaris Management Console in System Administration Guide: Security Services. Open the User Tool Collection and click the User Accounts icon.
After the User Accounts tool starts, the icons for the existing user accounts are displayed in the view pane.
To change the roles that are assigned to the user, click the Roles tab and move the role assignment to be changed to the appropriate column: Available Roles or Assigned Roles.
To change the rights profiles that are assigned to the user, click the Rights tab and move it to the appropriate column: Available Rights or Assigned Rights.
Note - Avoid assigning rights profiles directly to users. The preferred approach is to require users to assume roles in order to perform privileged applications. This strategy discourages users from abusing privileges.
To change the authorizations, roles, or rights profiles that are assigned to a user who is defined in the local scope, use the usermod(1M) command.
Alternatively, to change the authorizations, roles, or rights profiles that are assigned to a user who is defined in the local scope, edit the user_attr file.
Use this method for emergencies only.
To change the authorizations, roles, or rights profiles that are assigned to a user who is defined in a name service, use the smuser(1M) command.
This command requires authentication as superuser or as a role that is capable of changing user files. You can apply smuser to all name services. smuser runs as a client of the Solaris Management Console server.
|