Oracle Solaris Cluster System Administration Guide Oracle Solaris Cluster 4.1
Use this task to create a new RBAC role with an Oracle Solaris Cluster Management Rights Profile and to assign users to this new role.
For roles in the local scope, use the roleadd command to specify a new local role and its attributes. For more information, see the roleadd(1M) man page.
Alternatively, for roles in the local scope, edit the user_attr file to add a user with type=role. For more information, see the user_attr(4) man page.
Use this method only for emergencies.
For roles in a name service, use the roleadd and rolemod commands to specify the new role and its attributes. For more information, see the roleadd(1M) and rolemod(1M) man pages.
This command requires authentication by the root role that is capable of creating other roles. You can apply the roleadd command to all name services.
New roles do not take effect until the name service cache daemon is restarted. As root, type the following text:
# /etc/init.d/nscd stop
# /etc/init.d/nscd start
Example 2-1 Creating a Custom Operator Role by Using the smrole Command
The following sequence demonstrates how a role is created with the smrole command. In this example, a new version of the Operator role is created that has assigned to it the standard Operator rights profile and the Media Restore rights profile.
% su primaryadmin
# /usr/sadm/bin/smrole add -H myHost -- -c "Custom Operator" -n oper2 -a johnDoe \
-d /export/home/oper2 -F "Backup/Restore Operator" -p "Operator" -p "Media Restore"
Authenticating as user: primaryadmin

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: <type primaryadmin password>

Loading Tool: com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost
Login to myHost as user primaryadmin was successful.
Download of com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost was successful.

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password ::<type oper2 password>

# /etc/init.d/nscd stop
# /etc/init.d/nscd start
To view the newly created role (and any other roles), use smrole with the list option, as follows:
# /usr/sadm/bin/smrole list --
Authenticating as user: primaryadmin

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: <type primaryadmin password>

Loading Tool: com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost
Login to myHost as user primaryadmin was successful.
Download of com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost was successful.

root            0       Super-User
primaryadmin    100     Most powerful role
sysadmin        101     Performs non-security admin tasks
oper2           102     Custom Operator
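As an added example (not part of the Oracle guide), the following Python script audits local-scope roles by parsing text in the user_attr(4) format that the procedure mentions: it maps each type=role entry to its rights profiles and assigned users, and flags role assignments that name no locally defined role as well as roles that nobody can assume. The sample entries are constructed and modeled on Example 2-1; ghostrole, janeRoe and clusadm are hypothetical names, and roles held only in a name service are assumed to be out of scope.

```python
"""Audit role definitions in user_attr(4) format (added example)."""

# Constructed sample, modeled on Example 2-1. ghostrole, janeRoe and
# clusadm are hypothetical names used to trigger the two findings.
SAMPLE_USER_ATTR = """\
oper2::::type=role;profiles=Operator,Media Restore
ghostrole::::type=role;profiles=Operator
johnDoe::::type=normal;roles=oper2
janeRoe::::roles=oper2,clusadm
"""

def parse_user_attr(text):
    """Return {name: {key: [values]}} for every well-formed entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)  # user:qualifier:res1:res2:attr
        if len(fields) != 5:
            continue  # skip malformed lines
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
        entries[fields[0]] = attrs
    return entries

def audit_roles(text):
    """Map roles to profiles and members; flag dangling and unused roles."""
    entries = parse_user_attr(text)
    roles = {n: a.get("profiles", []) for n, a in entries.items()
             if a.get("type") == ["role"]}
    members = {role: [] for role in roles}
    undefined = []  # (user, role) pairs naming a role not defined here
    for name, attrs in entries.items():
        for role in attrs.get("roles", []):
            if role in members:
                members[role].append(name)
            else:
                undefined.append((name, role))
    unassigned = sorted(r for r, m in members.items() if not m)
    return {"roles": roles, "members": members,
            "undefined": undefined, "unassigned": unassigned}

if __name__ == "__main__":
    for key, value in audit_roles(SAMPLE_USER_ATTR).items():
        print(f"{key}: {value}")
```

To review a live system, pass the contents of the local user_attr file to audit_roles() in place of the sample.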