Sun Cluster System Administration Guide for Solaris OS

Sun Cluster RBAC Rights Profiles

SunPlex Manager and selected Sun Cluster commands and options that you issue on the command line use RBAC for authorization. Several RBAC rights profiles are included in Sun Cluster. You can assign these rights profiles to users or to roles to give them different levels of access to Sun Cluster. Sun provides the following rights profiles with Sun Cluster software.

Rights Profile	Includes Authorizations	This Authorization Permits the Role Identity to
Sun Cluster Commands	None, but includes a list of Sun Cluster commands that run with `euid=0`	Execute selected Sun Cluster commands that you use to configure and manage a cluster, including: scgdevs(1M) scswitch(1M) (selected options) scha_control(1HA) scha_resource_get(1HA) scha_resource_setstatus(1HA) scha_resourcegroup_get(1HA) scha_resourcetype_get(1HA)
Basic Solaris User	This existing Solaris rights profile contains Solaris authorizations, as well as:	Perform the same operations that the Basic Solaris User role identity can perform, as well as:
	`solaris.cluster.device.read`	Read information about device groups
	`solaris.cluster.gui`	Access SunPlex Manager
	`solaris.cluster.network.read`	Read information about IP Network Multipathing
	`solaris.cluster.node.read`	Read information about attributes of nodes
	`solaris.cluster.quorum.read`	Read information about quorum devices and the quorum state
	`solaris.cluster.resource.read`	Read information about resources and resource groups
	`solaris.cluster.system.read`	Read the status of the cluster
	`solaris.cluster.transport.read`	Read information about transports
Cluster Operation	`solaris.cluster.appinstall`	Install clustered applications
	`solaris.cluster.device.admin`	Perform administrative tasks on device group attributes
	`solaris.cluster.device.read`	Read information about device groups
	`solaris.cluster.gui`	Access SunPlex Manager
	`solaris.cluster.install`	Install clustering software
	`solaris.cluster.network.admin`	Perform administrative tasks on IP Network Multipathing attributes
	`solaris.cluster.network.read`	Read information about IP Network Multipathing
	`solaris.cluster.node.admin`	Perform administrative tasks on node attributes
	`solaris.cluster.node.read`	Read information about attributes of nodes
	`solaris.cluster.quorum.admin`	Perform administrative tasks on quorum devices and quorum state attributes
	`solaris.cluster.quorum.read`	Read information about quorum devices and the quorum state
	`solaris.cluster.resource.admin`	Perform administrative tasks on resource attributes and resource group attributes
	`solaris.cluster.resource.read`	Read information about resources and resource groups
	`solaris.cluster.system.admin`	Administer the system
	`solaris.cluster.system.read`	Read the status of the cluster
	`solaris.cluster.transport.admin`	Perform administrative tasks on transport attributes
	`solaris.cluster.transport.read`	Read information about transports
System Administrator	This existing Solaris rights profile contains the same authorizations that the Cluster Management profile contains.	Perform the same operations that the Cluster Management role identity can perform, in addition to other system administration operations.
Cluster Management	This rights profile contains the same authorizations that the Cluster Operation profile contains, as well as the following authorizations:	Perform the same operations that the Cluster Operation role identity can perform, as well as:
	`solaris.cluster.device.modify`	Modify device group attributes
	`solaris.cluster.gui`	Access SunPlex Manager
	`solaris.cluster.network.modify`	Modify IP Network Multipathing attributes
	`solaris.cluster.node.modify`	Modify node attributes
	`solaris.cluster.quorum.modify`	Modify quorum devices and quorum state attributes
	`solaris.cluster.resource.modify`	Modify resource attributes and resource group attributes
	`solaris.cluster.system.modify`	Modify system attributes
	`solaris.cluster.transport.modify`	Modify transport attributes