The following sections describe how to perform the following key access control functions:
Become superuser on the Sun Management Center server host.
% su - |
Edit the file /var/opt/SUNWsymon/cfg/esusers.
Add the user name on a new line.
Make sure that the user name is the user name of a valid UNIX user.
Save the file and exit the editor.
Users that are added to the users list have default privileges. See Default Privileges and To Override Default Agent Privileges for more information.
Access the Attribute Editor in either of the following ways:
Press mouse button 3 on the selected object, and choose Attribute Editor from the pop-up menu.
Choose Attribute Editor from the Tools menu in the main console window.
The Attribute Editor is displayed. The buttons at the bottom of the window are inactive, with the exception of the Cancel and Help buttons. The remaining buttons become active when you modify any field in the window.
Select the Security tab in the Attribute Editor window.
Change the values as required.
The following list explains the data in each field and provides sample values.
A list of users. jim is a user who can perform administrator operations.
A list of operators. john and others are users who can perform operator operations. Note that their entries are separated by one or more spaces.
A list of general users. nick and richie are users who can perform general operations.
All the users that belong to administrator groups can perform administrator operations. By default, the users are esadm or esdomadm, as applicable.
All users that belong to esops can perform operator operations.
ANYGROUP is a hypothetical group that can perform general operations. All Sun Management Center users belong to this hypothetical group.
This field is empty, denoting that there is no SNMP community that can perform administrator operations that use SNMP.
This field is empty, denoting that there is no SNMP community that can perform operator operations that use SNMP.
By default, public is an SNMP community that can perform general operations that use SNMP.
Use spaces or commas between multiple entries as illustrated in the entries for “Operator” under “Users.”
For more information about security privileges, see Access Control Categories.
Become superuser on the Sun Management Center server host.
Use the groupadd command to create a group.
# /usr/sbin/groupadd groupname |
Add users to the newly created group.
Add the new group to the ACL.
See To Control Access to a Module for more information.
Become superuser on the Sun Management Center server host.
If needed, add the user name to the /var/opt/SUNWsymon/cfg/esusers file.
In the /etc/group file, add the user to one of the following lines as applicable: esadm, esops, or esdomadm.
Save the file and exit the editor.
Become superuser on the Sun Management Center server host.
In the file /var/opt/SUNWsymon/cfg/esusers, delete the line corresponding to the user name you want to delete.
Save the file and exit the editor.
Delete the user names from Sun Management Center groups.
After a user is deleted from the list of Sun Management Center users, the user can no longer log into the Sun Management Center server. Make sure to delete that user from all the ACLs.
In Sun Management Center software, only administrators can override default privileges using the Attribute Editor to modify the ACL lists for that particular object.
Access the Attribute Editor for the specific managed object on which you need to change the privileges.
To view and change security information, click the Security tab in the Attribute Editor window.
Change the information as needed.
To apply the security changes and close the Attribute Editor window, click OK.
To leave the Attribute Editor window open and apply the security changes, click Apply.