Oracle Solaris Cluster RBAC Rights Profiles
Selected Oracle Solaris Cluster commands
and options that you issue at the command line use RBAC for authorization. Oracle Solaris Cluster commands
and options that require RBAC authorization will require one or more
of the following authorization levels. Oracle Solaris Cluster RBAC rights profiles
apply to nodes in a global cluster.
- solaris.cluster.read
Authorization for list, show, and other read operations.
- solaris.cluster.admin
Authorization to change the state of a cluster object.
- solaris.cluster.modify
Authorization to change properties of a cluster object.
For more information about the RBAC authorization required by
an Oracle Solaris Cluster command, see the command man page.
RBAC rights profiles include one or more RBAC authorizations.
You can assign these rights profiles to users or to roles to give
them different levels of access to Oracle Solaris Cluster. Oracle provides the following
rights profiles with Oracle Solaris Cluster software.
Note - The RBAC rights profiles listed in the following table
continue to support the old RBAC authorizations as defined in previous Oracle Solaris Cluster releases.
| | |
Oracle Solaris Cluster Commands
| None, but includes a list of Oracle Solaris Cluster commands that run with euid=0
| Execute selected Oracle Solaris Cluster commands that you use to configure and
manage a cluster, including the following subcommands for all of the Oracle Solaris Cluster commands: scha_control scha_resource_get scha_resource_setstatus scha_resourcegroup_get scha_resourcetype_get
|
Basic Oracle Solaris User
| This existing Oracle Solaris rights profile contains Oracle
Solaris authorizations, as well as the following:
|
|
| solaris.cluster.read
| Perform list, show, and other read operations for Oracle Solaris Cluster commands, as well as access
the Oracle Solaris Cluster Manager GUI.
|
Cluster Operation
| This rights profile is specific to Oracle Solaris Cluster software and contains
the following authorizations:
|
|
| solaris.cluster.read
| Perform list, show, export, status, and other read operations., as well as access the
Oracle Solaris Cluster Manager GUI.
|
| solaris.cluster.admin
| Change the state of cluster objects.
|
System Administrator
| This existing Oracle Solaris rights profile contains the same
authorizations that the Cluster Management profile contains.
| Perform the same operations that the Cluster Management role
identity can perform, in addition to other system administration operations.
|
Cluster Management
| This rights profile contains the same authorizations that the
Cluster Operation profile contains, as well as the following authorization:
| Perform the same operations that the Cluster Operation role
identity can perform, as well as change properties of a cluster object.
|
| solaris.cluster.modify
|
|
|