Oracle Solaris Cluster Geographic Edition System Administration Guide Oracle Solaris Cluster 3.3 3/13
This section describes role-based access control (RBAC) in Geographic Edition software. It contains the following sections:
Geographic Edition software bases its RBAC profiles on the RBAC rights profiles that are used in the Oracle Solaris Cluster software. For general information about setting up and using RBAC with Oracle Solaris Cluster software, refer to Chapter 2, Oracle Solaris Cluster and RBAC, in Oracle Solaris Cluster System Administration Guide.
Geographic Edition software adds the following new RBAC entities to the appropriate file in the /etc/security directory:
RBAC authentication names to auth_attr
RBAC execution profiles to prof_attr
RBAC execution attributes to exec_attr
Note - The default search order for the auth_attr and prof_attr databases is files nis, which is defined in the /etc/nsswitch.conf file. If you have customized the search order in your environment, confirm that files is in the search list. Including files in the search list enables your system to find the RBAC entries that Geographic Edition defined.
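The check that the preceding note describes, as an added example that is not part of the Oracle documentation: a POSIX shell function, under the hypothetical name check_rbac_sources, that reads an nsswitch.conf file and reports whether files is consulted for auth_attr and prof_attr. It goes slightly beyond the note by also flagging a files entry that follows a [NOTFOUND=return] criterion, because the search then stops before files whenever the preceding source answers "not found".

```shell
#!/bin/sh
# Added example; the function name and status words are assumptions.
# Prints one line per RBAC database: <db>: <status>
#   ok                  files is in the search list and reachable
#   no-files            entry exists but does not list files
#   files-after-return  files follows a [NOTFOUND=return] criterion
#   no-entry            the database has no line in the file
# Returns 0 only when both databases are "ok".
check_rbac_sources() {
    conf=${1:-/etc/nsswitch.conf}
    awk '
        BEGIN { ndb = split("auth_attr prof_attr", dbs, " ")
                for (i = 1; i <= ndb; i++) want[dbs[i]] = 1 }
        {
            sub(/#.*/, "")                          # drop comments
            if ($0 !~ /^[ \t]*[a-z_]+[ \t]*:/) next # not a "db:" line
            db = $0
            sub(/[ \t]*:.*/, "", db)
            sub(/^[ \t]*/, "", db)
            if (!(db in want)) next
            rest = $0
            sub(/^[^:]*:/, "", rest)                # keep the source list
            n = split(rest, tok, " ")
            state = "no-files"
            blocked = 0
            for (i = 1; i <= n; i++) {
                t = tolower(tok[i])
                if (t == "files") {
                    state = blocked ? "files-after-return" : "ok"
                    break
                }
                # A criterion such as [NOTFOUND=return] ends the lookup
                # before any later source is tried.
                if (t ~ /notfound=return/) blocked = 1
            }
            seen[db] = state
        }
        END {
            rc = 0
            for (i = 1; i <= ndb; i++) {
                s = (dbs[i] in seen) ? seen[dbs[i]] : "no-entry"
                print dbs[i] ": " s
                if (s != "ok") rc = 1
            }
            exit rc
        }
    ' "$conf"
}
```

Call check_rbac_sources with no argument to read /etc/nsswitch.conf, and run it on each node of both partner clusters.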
The Geographic Edition CLI and GUI use RBAC rights to control end-user access to operations. The general conventions for these rights are described in Table 4-1.
Table 4-1 Geographic Edition RBAC Rights Profiles
When you use the Geo Management RBAC rights profile to administer configurations that use Oracle Data Guard or script-based plug-ins, ensure that the correct ACLs for /var/cluster/geo are set on each node of both partner clusters. If necessary, use the following command to set the ACLs:
# chmod A+user:username:rwx:allow /var/cluster/geo
When you grant authorization to users other than superuser, you must do so on all nodes of both partner clusters. Otherwise, some operations that have a global scope might fail, due to insufficient user rights on one or more nodes in the partnership.
To modify the RBAC rights for a user, you must be logged in as superuser or assume a role that is assigned the Primary Administrator rights profile.
For example, you can assign the Geo Management RBAC profile to the user admin as follows:
# usermod -P "Geo Management" admin
# profiles admin
Geo Management
Basic Solaris User
#
For more information about how to modify the RBAC properties for a user, refer to Chapter 2, Oracle Solaris Cluster and RBAC, in Oracle Solaris Cluster System Administration Guide.