Sun Management Center 3.6.1 User's Guide

Using Access Control

The following sections describe how to perform key access control functions.

Procedure: To Add Sun Management Center Users

  1. Become superuser on the Sun Management Center server host.


    % su -
    
  2. Edit the file /var/opt/SUNWsymon/cfg/esusers.

  3. Add the user name on a new line.

    Make sure that the user name is the user name of a valid UNIX user.

  4. Save the file and exit the editor.

    Users that are added to the users list have default privileges. See Default Privileges and To Override Default Agent Privileges for more information.

Procedure: To Control Access to a Module

  1. Access the Attribute Editor in either of the following ways:

    • Press mouse button 3 on the selected object, and choose Attribute Editor from the pop-up menu.

    • Choose Attribute Editor from the Tools menu in the main console window.

    The Attribute Editor is displayed. The buttons at the bottom of the window are inactive, with the exception of the Cancel and Help buttons. The remaining buttons become active when you modify any field in the window.

  2. Select the Security tab in the Attribute Editor window.

  3. Change the values as required.

    The following list explains the data in each field and provides sample values.

    Administrator Users

    A list of users. jim is a user who can perform administrator operations.

    Operator Users

    A list of operators. john and others are users who can perform operator operations. Note that their entries are separated by one or more spaces.

    General Users

    A list of general users. nick and richie are users who can perform general operations.

    Administrator Groups

    All the users that belong to administrator groups can perform administrator operations. By default, the users are esadm or esdomadm, as applicable.

    Operator Groups

    All users that belong to esops can perform operator operations.

    General User Groups

    ANYGROUP is a hypothetical group that can perform general operations. All Sun Management Center users belong to this hypothetical group.

    Communities for Administrators

    This field is empty, denoting that there is no SNMP community that can perform administrator operations that use SNMP.

    Communities for Operators

    This field is empty, denoting that there is no SNMP community that can perform operator operations that use SNMP.

    Communities for General Users

    By default, public is an SNMP community that can perform general operations that use SNMP.

    Use spaces or commas between multiple entries as illustrated in the entries for “Operator” under “Users.”

    For more information about security privileges, see Access Control Categories.

Procedure: To Add a User-Defined Group to an ACL

  1. Become superuser on the Sun Management Center server host.

  2. Use the groupadd command to create a group.


    # /usr/sbin/groupadd groupname
    
  3. Add users to the newly created group.

    1. In the /etc/group file, add users to the group.

    2. Save the file and exit the editor.

  4. Add the new group to the ACL.

    See To Control Access to a Module for more information.

Procedure: To Grant a User esadm, esops, or esdomadm Privileges

  1. Become superuser on the Sun Management Center server host.

  2. If needed, add the user name to the /var/opt/SUNWsymon/cfg/esusers file.

  3. In the /etc/group file, add the user to one of the following lines as applicable: esadm, esops, or esdomadm.

  4. Save the file and exit the editor.

Procedure: To Delete Sun Management Center Users

  1. Become superuser on the Sun Management Center server host.

  2. In the file /var/opt/SUNWsymon/cfg/esusers, delete the line corresponding to the user name you want to delete.

  3. Save the file and exit the editor.

  4. Delete the user names from Sun Management Center groups.


    Note –

    After a user is deleted from the list of Sun Management Center users, the user can no longer log into the Sun Management Center server. Make sure to delete that user from all the ACLs.
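
A consistency check for the grant and delete procedures above, as an added example that is not part of the original guide: it lists members of esadm, esops, or esdomadm who have no line in esusers, and esusers entries that are not local accounts. It assumes local /etc/passwd and /etc/group files (no name service) and one user name per line in esusers; the function names are illustrative.

```sh
#!/bin/sh
# Added example: cross-check esusers against the es* groups and local accounts.
# Default paths are the ones named in the procedures; override them to test.
ESUSERS=${ESUSERS:-/var/opt/SUNWsymon/cfg/esusers}
GROUP_FILE=${GROUP_FILE:-/etc/group}
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}   # assumption: accounts are local files

# stale_group_members ESUSERS GROUP
# Prints "group:user" for each member of esadm, esops or esdomadm with no
# line in esusers, e.g. a deleted user who was left behind in a group.
stale_group_members() {
    awk -F: '
        FILENAME == ARGV[1] {
            gsub(/[ \t\r]/, ""); if ($0 != "") listed[$0] = 1; next
        }
        $1 == "esadm" || $1 == "esops" || $1 == "esdomadm" {
            n = split($4, member, ",")
            for (i = 1; i <= n; i++)
                if (member[i] != "" && !(member[i] in listed))
                    print $1 ":" member[i]
        }
    ' "$1" "$2"
}

# invalid_esusers ESUSERS PASSWD
# Prints esusers entries that are not account names in the passwd file.
invalid_esusers() {
    awk -F: '
        FILENAME == ARGV[1] { known[$1] = 1; next }
        { gsub(/[ \t\r]/, ""); if ($0 != "" && !($0 in known)) print $0 }
    ' "$2" "$1"
}

# Report both findings; exit status 0 only when the files are consistent.
audit() {
    stale=$(stale_group_members "$ESUSERS" "$GROUP_FILE") || return 2
    invalid=$(invalid_esusers "$ESUSERS" "$PASSWD_FILE") || return 2
    if [ -n "$stale" ]; then
        printf 'In an es* group but not in esusers:\n%s\n' "$stale"
    fi
    if [ -n "$invalid" ]; then
        printf 'In esusers but not a local account:\n%s\n' "$invalid"
    fi
    [ -z "$stale$invalid" ]
}

if [ "${1:-}" = "audit" ]; then audit; fi
```

Run the script with the argument audit; it exits with a non-zero status when either list is non-empty.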


Procedure: To Override Default Agent Privileges

In Sun Management Center software, only administrators can override default privileges. They do so by using the Attribute Editor to modify the ACLs for that particular object.

  1. Access the Attribute Editor for the specific managed object on which you need to change the privileges.

  2. To view and change security information, click the Security tab in the Attribute Editor window.

  3. Change the information as needed.

  4. To apply the security changes and close the Attribute Editor window, click OK.

    To leave the Attribute Editor window open and apply the security changes, click Apply.