Oracle® Solaris Cluster System Administration Guide

Updated: October 2015

Oracle Solaris Cluster RBAC Rights Profiles

Selected Oracle Solaris Cluster commands and options that you issue at the command line use RBAC for authorization. Each such command or option requires one or more of the following authorization levels. Oracle Solaris Cluster RBAC rights profiles apply to nodes in a global cluster.

solaris.cluster.read

Authorization for list, show, and other read operations.

solaris.cluster.admin

Authorization to change the state of a cluster object.

solaris.cluster.modify

Authorization to change properties of a cluster object.

For more information about the RBAC authorization required by an Oracle Solaris Cluster command, see the command man page.

RBAC rights profiles include one or more RBAC authorizations. You can assign these rights profiles to users or to roles to give them different levels of access to Oracle Solaris Cluster. Oracle provides the following rights profiles with Oracle Solaris Cluster software.


Note - The RBAC rights profiles listed in the following table continue to support the old RBAC authorizations as defined in previous Oracle Solaris Cluster releases.

Rights Profile: Oracle Solaris Cluster Commands
Includes Authorizations: None, but includes a list of Oracle Solaris Cluster commands that run with euid=0
Role Identity Permission: Execute selected Oracle Solaris Cluster commands that you use to configure and manage a cluster, including the following subcommands for all of the Oracle Solaris Cluster commands:
  • list
  • show
  • status
  scha_control
  scha_resource_get
  scha_resource_setstatus
  scha_resourcegroup_get
  scha_resourcetype_get

Rights Profile: Basic Oracle Solaris User
Includes Authorizations: This existing Oracle Solaris rights profile contains Oracle Solaris authorizations, as well as the following:
  solaris.cluster.read
Role Identity Permission: Perform list, show, and other read operations for Oracle Solaris Cluster commands, as well as access the Oracle Solaris Cluster Manager GUI.

Rights Profile: Cluster Operation
Includes Authorizations: This rights profile is specific to Oracle Solaris Cluster software and contains the following authorizations:
  solaris.cluster.read
  solaris.cluster.admin
Role Identity Permission:
  solaris.cluster.read: Perform list, show, export, status, and other read operations, as well as access the Oracle Solaris Cluster Manager GUI.
  solaris.cluster.admin: Change the state of cluster objects.

Rights Profile: System Administrator
Includes Authorizations: This existing Oracle Solaris rights profile contains the same authorizations that the Cluster Management profile contains.
Role Identity Permission: Perform the same operations that the Cluster Management role identity can perform, in addition to other system administration operations.

Rights Profile: Cluster Management
Includes Authorizations: This rights profile contains the same authorizations that the Cluster Operation profile contains, as well as the following authorization:
  solaris.cluster.modify
Role Identity Permission: Perform the same operations that the Cluster Operation role identity can perform, as well as change properties of a cluster object.
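
The rights profiles above build on each other, so the authorizations a user actually holds are not always obvious from the profile name. The following Python sketch is an added example, not part of the Oracle documentation: it resolves each profile to its solaris.cluster.* authorizations as listed on this page and compares them with what each user needs. The user names and required authorizations are constructed sample data, and Oracle Solaris authorizations not named on this page are not modeled.

```python
# Cluster authorizations per rights profile, transcribed from the table on this page.
# Entry: (authorizations named directly, profiles whose authorizations it also contains).
PROFILES = {
    "Oracle Solaris Cluster Commands": (set(), []),  # no authorizations; commands run with euid=0
    "Basic Oracle Solaris User": ({"solaris.cluster.read"}, []),
    "Cluster Operation": ({"solaris.cluster.read", "solaris.cluster.admin"}, []),
    "Cluster Management": ({"solaris.cluster.modify"}, ["Cluster Operation"]),
    "System Administrator": (set(), ["Cluster Management"]),
}

def effective_auths(profile, _seen=None):
    """Return the cluster authorizations a profile grants, following inclusions."""
    seen = set() if _seen is None else _seen
    if profile in seen:  # guard against a cyclic profile definition
        return set()
    seen.add(profile)
    own, included = PROFILES[profile]
    auths = set(own)
    for parent in included:
        auths |= effective_auths(parent, seen)
    return auths

def audit(assignments, required):
    """Per user, report authorizations granted beyond, or missing from, what is required."""
    findings = {}
    for user, profiles in assignments.items():
        granted = set().union(*(effective_auths(p) for p in profiles))
        need = required.get(user, set())
        excess, missing = granted - need, need - granted
        if excess or missing:
            findings[user] = {"excess": sorted(excess), "missing": sorted(missing)}
    return findings

# Constructed sample data: user names and required authorizations are hypothetical.
ASSIGNMENTS = {
    "monitor": ["Cluster Management"],
    "operator": ["Cluster Operation"],
    "dba": ["Basic Oracle Solaris User"],
}
REQUIRED = {
    "monitor": {"solaris.cluster.read"},
    "operator": {"solaris.cluster.read", "solaris.cluster.admin"},
    "dba": {"solaris.cluster.read", "solaris.cluster.admin"},
}

if __name__ == "__main__":
    for user, finding in audit(ASSIGNMENTS, REQUIRED).items():
        print(user, finding)
```

A user reported with excess authorizations is a candidate for a narrower rights profile; a user with missing authorizations cannot run the operations the role requires.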