1.2.15 User Privileges

User privileges control the actions performed by Exascale users.

Each Exascale user is subject to a set of user privileges, which govern the actions that the user is allowed to perform.

User privileges are assigned to users by using the ESCLI mkuser or chuser commands.

There are four types of Exascale user privileges, and any user may hold privileges across multiple privilege types. The following list describes the privilege types and the available user privileges:

• Cluster Level Storage Privileges primarily govern the administration actions that the receiving user is allowed to perform on storage resources in the Exascale cluster. Typically, cluster level storage privileges are only assigned to users that administer the Exascale cluster. A user may hold zero or one of the following cluster level storage privileges:

  • cl_monitor: Enables the receiving user to monitor the Exascale cluster by performing list operations using ESCLI and CELLCLI

  • cl_operator: Includes the cl_monitor privileges and also enables the receiving user to:

    • Manage pool disks (create, drop, online, offline)

    • Manage software services (list, startup, shutdown, restart, delete)

    • Manage the trust store

  • cl_admin: A special system administrator privilege that includes the cl_operator privileges and all of the privileges from the other privilege types; namely:

    • All of the cluster level user privileges: user_create, system_restore, and on_behalf_of

    • All of the vault top-level privileges through vlt_manage

    • All of the service privileges: cellsrv, egs, ers, syseds, usreds, bsm, and bsw

    This privilege also enables the receiving user to:

    • Grant any privilege to any user

    • Reset a key for any user

    • Create and delete storage pools

    • View extent map information

• Cluster Level User Privileges govern the administration actions that the receiving user is allowed to perform on the Exascale cluster. Typically, cluster level user privileges are only assigned to users that administer the Exascale cluster. A user may hold zero or more of the following cluster level privileges:

  • user_create: Enables the receiving user to create new users in the cluster.
  • system_restore: Enables the receiving user to restore an Exascale backup.

  • on_behalf_of: A special privilege that enables the receiving user to send a request to Exascale control services (ERS) on behalf of another user.

    For example, consider a user that sends a request to ERS, which involves an action that must be performed by another Exascale service. In this case, ERS uses this privilege to forward the action to the other Exascale service on behalf of the original end user.

    Typically, this privilege is only assigned to the internal administration accounts that reside on each Exascale node.

• Vault Top-Level Privileges govern the actions that the receiving user is allowed to perform on all vaults and files. Typically, vault top-level privileges are assigned to users that use and manage files in Exascale vaults. A user may hold zero or one of the following vault top-level privileges:

  • vlt_inspect: Enables the receiving user to create new vaults. The receiving user also gets complete control over files created in those vaults. This privilege is assigned to new users by default

  • vlt_read: Includes the vlt_inspect privileges and also enables the receiving user to list all existing vaults, display attributes for any vault, create files in any vault, list files in any vault, and display attributes for any file

  • vlt_use: Includes the vlt_read privileges and also enables the receiving user to open any file for reading

  • vlt_manage: Includes the vlt_use privileges and also enables the receiving user to open any file for read and write, alter any vault or file, and drop vaults and files

  Vault top-level privileges work in addition to access control lists (ACLs). To perform an action on a vault or file, a user requires the appropriate vault top-level privilege or the appropriate ACL privilege. See Vault and File Access Control.

• Service Privileges govern the Exascale software services that the receiving user is allowed to run. Typically, service privileges are only assigned to the internal node-specific administration accounts that reside on each Exascale node. A user may hold zero or more of the following service privileges:

  • cellsrv: Enables the receiving user to run the core Exadata cell services

  • egs: Enables the receiving user to run Exascale cluster services (also known as Exascale Global Services)

  • ers: Enables the receiving user to run Exascale control services (also known as Exascale RESTful Services)

  • syseds: Enables the receiving user to run the system vault manager service

  • usreds: Enables the receiving user to run the user vault manager service

  • bsm: Enables the receiving user to run the block storage manager service

  • bsw: Enables the receiving user to run the block storage worker service

  • edv: Enables the receiving user to run the Exascale Direct Volume service.

Additionally, no_privilege is a special privilege that removes all privileges from the receiving user. When it is assigned to a user, no_privilege cannot be combined with any other privilege.