Oracle® Solaris Cluster Geographic Edition System Administration Guide

Exit Print View

Updated: July 2014, E39667-01

Modifying a User's RBAC Properties

Note -  The RBAC rights for Oracle Solaris Cluster software, including the Geographic Edition framework,are intended to simplify the assignment of management roles and protect against accidental errors. However, a malicious user would be able to abuse RBAC-based cluster administration privileges to gain wider system privileges. Therefore, RBAC rights should be assigned with care.

When you grant authorization to users other than the root role, you must do so on all nodes of both partner clusters. Otherwise, some operations that have a global scope might fail, due to insufficient user rights on one or more nodes in the partnership.

To modify the RBAC rights for a user, you must be logged in as the root role or assume a role that is assigned the System Administrator rights profile.

For example, you can assign the Geo Management RBAC profile to the user admin as follows:

# usermod -P "Geo Management" admin
# profiles admin
Geo Management
Basic Solaris User

For more information about how to modify the RBAC properties for a user, refer to Chapter 2, Oracle Solaris Cluster and RBAC, in Oracle Solaris Cluster System Administration Guide .