SunPlex Manager and selected Sun Cluster commands and options that you issue on the command line use RBAC for authentication. Several RBAC rights profiles are included in Sun Cluster. You can assign these rights profiles to users or to roles to give them different levels of access to Sun Cluster. Sun provides the following rights profiles with Sun Cluster software.
Rights Profile |
Includes Authorizations |
This Authorization Permits the Role Identity to |
---|---|---|
Sun Cluster Commands |
None, but includes a list of Sun Cluster commands that run with euid=0 |
Execute selected Sun Cluster commands that you use to configure and manage a cluster, including: scswitch(1M) (selected options) |
Basic Solaris User |
This existing Solaris rights profile contains Solaris authorizations, as well as: |
Perform the same operations that the Basic Solaris User role identity can perform, as well as: |
|
solaris.cluster.device.read |
Read information about device groups |
|
solaris.cluster.gui |
Access SunPlex Manager |
|
solaris.cluster.network.read |
Read information about IP Network Multipathing Note – This authorization does not apply to SunPlex Manager. |
|
solaris.cluster.node.read |
Read information about attributes of nodes |
|
solaris.cluster.quorum.read |
Read information about quorum devices and the quorum state |
|
solaris.cluster.resource.read |
Read information about resources and resource groups |
|
solaris.cluster.system.read |
Read the status of the cluster |
|
solaris.cluster.transport.read |
Read information about transports |
Cluster Operation |
solaris.cluster.appinstall |
Install clustered applications |
|
solaris.cluster.device.admin |
Perform administrative tasks on device group attributes |
|
solaris.cluster.device.read |
Read information about device groups |
|
solaris.cluster.gui |
Access SunPlex Manager |
|
solaris.cluster.install |
Install clustering software Note – This authorization does not apply to SunPlex Manager. |
|
solaris.cluster.network.admin |
Perform administrative tasks on IP Network Multipathing attributes Note – This authorization does not apply to SunPlex Manager. |
|
solaris.cluster.network.read |
Read information about IP Network Multipathing Note – This authorization does not apply to SunPlex Manager. |
|
solaris.cluster.node.admin |
Perform administrative tasks on node attributes |
|
solaris.cluster.node.read |
Read information about attributes of nodes |
|
solaris.cluster.quorum.admin |
Perform administrative tasks on quorum devices and quorum state attributes |
|
solaris.cluster.quorum.read |
Read information about quorum devices and the quorum state |
|
solaris.cluster.resource.admin |
Perform administrative tasks on resource attributes and resource group attributes |
|
solaris.cluster.resource.read |
Read information about resources and resource groups |
|
solaris.cluster.system.admin |
Administer the system Note – This authorization does not apply to SunPlex Manager. |
|
solaris.cluster.system.read |
Read the status of the cluster |
|
solaris.cluster.transport.admin |
Perform administrative tasks on transport attributes |
|
solaris.cluster.transport.read |
Read information about transports |
System Administrator |
This existing Solaris rights profile contains the same authorizations that the Cluster Management profile contains. |
Perform the same operations that the Cluster Management role identity can perform, in addition to other system administration operations. |
Cluster Management |
This rights profile contains the same authorizations that the Cluster Operation profile contains, as well as the following authorizations: |
Perform the same operations that the Cluster Operation role identity can perform, as well as: |
|
solaris.cluster.device.modify |
Modify device group attributes |
|
solaris.cluster.gui |
Access SunPlex Manager |
|
solaris.cluster.network.modify |
Modify IP Network Multipathing attributes Note – This authorization does not apply to SunPlex Manager. |
|
solaris.cluster.node.modify |
Modify node attributes Note – This authorization does not apply to SunPlex Manager. |
|
solaris.cluster.quorum.modify |
Modify quorum devices and quorum state attributes |
|
solaris.cluster.resource.modify |
Modify resource attributes and resource group attributes |
|
solaris.cluster.system.modify |
Modify system attributes Note – This authorization does not apply to SunPlex Manager. |
|
solaris.cluster.transport.modify |
Modify transport attributes |