Sun Management Center 3.5 Installation and Configuration Guide

Setting Up Users

During Sun Management Center server setup, the file /var/opt/SUNWsymon/cfg/esusers is created.

Sun Management Center users are valid UNIX users whose login names are stored in the file /var/opt/SUNWsymon/cfg/esusers. All users listed in this file have general access privileges by default unless the user is given additional privileges, as described in To Assign a User to a Security Group.

If a user login name is not in /var/opt/SUNWsymon/cfg/esusers, that user cannot log in to Sun Management Center. For a user to be able to access Sun Management Center, the user name must be added to the /var/opt/SUNWsymon/cfg/esusers file, as described in To Add Sun Management Center Users.

Users must also be assigned a security level for access. Sun Management Center assigns users to specific security groups. Three groups are created by default during the installation process: esops, esadm, and esdomadm.

esops is the group that is assigned to users who can effectively use the product and fine-tune its operation. These users cannot affect major configuration or architectural changes. The esops group has the greatest restriction of access privileges.
esadm is the group that is assigned to users who can perform privileged operations, including the loading of modules and the configuration of managed objects and data properties. The esadm group has more access privileges than esops, but fewer access privileges than esdomadm.

esadm permits members to create top-level domains in a server context and assign privileges for other Sun Management Center users within these domains.
esdomadm is the group that is assigned to users who have domain administration privileges. These users can create top-level domains in a server context and assign privileges for other Sun Management Center users within these domains. This role is the highest-level role.

For further information about security groups and roles, see Users, Groups, and Roles Overview. To find out how to assign a user to a specific Sun Management Center security group, see To Assign a User to a Security Group. For further information about Sun Management Center security, see Security Recommendations.

To Add Sun Management Center Users

Add the user name on a new line in the /var/opt/SUNWsymon/cfg/esusers file.

The user name that you add must be a valid UNIX user name.

Save the file and exit the editor.

The user can now log in to Sun Management Center as a general user with limited access privileges. To enable additional access privileges for the user, assign the user to a specific security group. For further information about security groups, see Users, Groups, and Roles Overview.

To Assign a User to a Security Group

Ensure that the user login name is in the /var/opt/SUNWsymon/cfg/esusers file.

In the /etc/group file, add the user to one of the following lines as applicable: esadm, esops, or esdomadm.

Separate each entry by a comma. For example, assume that you want to make the following assignments:
- sysadmin1 and syadmin2 to the domain administration group esdomadm
- admin1, admin2, and admin3 to the administration group esadm
- ops1 and ops2 to the operations group esops
The entries in the /etc/group file would then be:
```
esadm::1000:admin1,admin2,admin3
esdomadm::1001:sysadmin1,sysadmin2
esops::1002:ops1,ops2
```
See Users, Groups, and Roles Overview for a thorough description of each of the security groups.

Save the file and exit the editor.

The user can now log in to Sun Management Center using the security privileges that you have assigned.