Go to main content

Oracle® Solaris Cluster 4.3 System Administration Guide

Exit Print View

Updated: June 2017
 
 

Creating and Assigning a Role With an Oracle Solaris Cluster Management Rights Profile

Use this task to create a new role with an Oracle Solaris Cluster Management rights profile and to assign users to this new role.

How to Create and Assign a Role From the Command Line

  1. Select a method for creating a role:

    • For roles in the local scope, use the roleadd command to specify a new local role and its attributes. For more information, see the roleadd(1M) man page.

    • Alternatively, for roles in the local scope, edit the user_attr file to add a user with type=role. For more information, see the user_attr(4) man page.

      Use this method only for emergencies.

    • For roles in a name service, use the roleadd and rolemod commands to specify the new role and its attributes. For more information, see the roleadd(1M) and rolemod(1M) man pages.

      This command requires authentication by the root role that is capable of creating other roles. You can apply the roleadd command to all name services. This command runs as a client of the Solaris Management Console server.

  2. Start and stop the name service cache daemon.

    New roles do not take effect until the name service cache daemon is restarted. As root, type the following text:

    # /etc/init.d/nscd stop
# /etc/init.d/nscd start
Example 13  Creating a Custom Operator Role by Using the smrole Command

The following sequence demonstrates how a role is created with the smrole command. In this example, a new version of the Operator role is created that has assigned to it the standard Operator rights profile and the Media Restore rights profile.

% su primaryadmin
# /usr/sadm/bin/smrole add -H myHost -- -c "Custom Operator" -n oper2 -a johnDoe \
-d /export/home/oper2 -F "Backup/Restore Operator" -p "Operator" -p "Media Restore"

Authenticating as user: primaryadmin

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: <type primaryadmin password>

Loading Tool: com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost
Login to myHost as user primaryadmin was successful.
Download of com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost was successful.

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password ::<type oper2 password>

# /etc/init.d/nscd stop
# /etc/init.d/nscd start

To view the newly created role (and any other roles), use smrole with the list option, as follows:

# /usr/sadm/bin/smrole list --
Authenticating as user: primaryadmin

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: <type  primaryadmin password>

Loading Tool: com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost
Login to myHost as user primaryadmin was successful.
Download of com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost was successful.
root                    0               Super-User
primaryadmin            100             Most powerful role
sysadmin                101             Performs non-security admin tasks
oper2                   102             Custom Operator
Copyright © 2000, 2017, Oracle and/or its affiliates. All rights reserved. 
Previous
Next