JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Cluster Geographic Edition System Administration Guide     Oracle Solaris Cluster 3.3 3/13
search filter icon
search icon

Document Information

Preface

1.  Introduction to Administering the Geographic Edition Software

2.  Before You Begin

3.  Administering the Geographic Edition Infrastructure

4.  Administering Access and Security

Geographic Edition Software and RBAC

Setting Up and Using RBAC

RBAC Rights Profiles

Modifying a User's RBAC Properties

Configuring Secure Cluster Communication Using Security Certificates

Configuring Firewalls

Configuring Secure Cluster Communication Using IPsec

How to Configure IPsec for Secure Cluster Communication

5.  Administering Cluster Partnerships

6.  Administering Heartbeats

7.  Administering Protection Groups

8.  Monitoring and Validating the Geographic Edition Software

9.  Customizing Switchover and Takeover Actions

10.  Script-Based Plug-Ins

A.  Standard Geographic Edition Properties

B.  Legal Names and Values of Geographic Edition Entities

C.  Disaster Recovery Administration Example

D.  Takeover Postconditions

E.  Troubleshooting Geographic Edition Software

F.  Deployment Example: Replicating Data With MySQL

G.  Error Return Codes for Script-Based Plug-Ins

Index

Geographic Edition Software and RBAC

This section describes role-based access control (RBAC) in Geographic Edition software. It contains the following sections:

Setting Up and Using RBAC

Geographic Edition software bases its RBAC profiles on the RBAC rights profiles that are used in the Oracle Solaris Cluster software. For general information about setting up and using RBAC with Oracle Solaris Cluster software, refer to Chapter 2, Oracle Solaris Cluster and RBAC, in Oracle Solaris Cluster System Administration Guide.

Geographic Edition software adds the following new RBAC entities to the appropriate file in the /etc/security directory:


Note - The default search order for the auth_attr and prof_attr databases is files nis, which is defined in the /etc/nsswitch.conf file. If you have customized the search order in your environment, confirm that files is in the search list. Including files in the search list enables your system to find the RBAC entries that Geographic Edition defined.


RBAC Rights Profiles

The Geographic Edition CLI and GUI use RBAC rights to control end-user access to operations. The general conventions for these rights are described in Table 4-1.

Table 4-1 Geographic Edition RBAC Rights Profiles

Rights Profile
Included Authorizations
Role Identity Permission
Geo Management
solaris.cluster.geo.read
Read information about the Geographic Edition entities
solaris.cluster.geo.admin
Perform administrative tasks with the Geographic Edition software
solaris.cluster.geo.modify
Modify the configuration of the Geographic Edition software
Basic Oracle Solaris User
Oracle Solaris authorizations
Perform the same operations that the Basic Oracle Solaris User role identity can perform
solaris.cluster.geo.read
Read information about the Geographic Edition entities

When you use the Geo Management RBAC rights profile to administer configurations that use Oracle Data Guard or script-based plug-ins, ensure that the correct ACLs for /var/cluster/geo are set on each node of both partner clusters. If necessary, use the following command to set the ACLs:

# chmod A+user:username:rwx:allow /var/cluster/geo

Modifying a User's RBAC Properties

When you grant authorization to users other than superuser, you must do so on all nodes of both partner clusters. Otherwise, some operations that have a global scope might fail, due to insufficient user rights on one or more nodes in the partnership.

To modify the RBAC rights for a user, you must be logged in as superuser or assume a role that is assigned the Primary Administrator rights profile.

For example, you can assign the Geo Management RBAC profile to the user admin as follows:

# usermod -P "Geo Management" admin
# profiles admin
Geo Management
Basic Solaris User
#

For more information about how to modify the RBAC properties for a user, refer to Chapter 2, Oracle Solaris Cluster and RBAC, in Oracle Solaris Cluster System Administration Guide.