1. Adding Custom Data to the Oracle Solaris 11.4 StatsStore and System Web Interface
  2. Defining Custom Statistics
  3. Authorizing Access to Resources and Statistics

Authorizing Access to Resources and Statistics

By default, any user can read and record any data in the statistics store. Anyone who is authorized to use your application should be able to browse the data about the application. Some other operations, such as reading sensitive data, are restricted. Table 2-1 provides information you need to authorize access to restricted statistics store operations. The listed operations can be performed by any user that has the associated authorization. See the sstore-security(7) and sstore-authorized-user(7) man pages for more information. The root user or role has all solaris authorizations. Most users do not have these authorizations. You might need to assign alternative authorizations to enable a daemon or application to manipulate certain statistics store data.

You can specify a particular authorization to grant access to any user who has that authorization, or you can authorize specified users. The authorization applies to the node where the authorization is specified in the metadata and to any non-topological descendant nodes. For example, if you specify an authorized user for a class, that user can perform the specified operation on any statistics in that class. If you specify an authorized user for a statistic but not for the class, that user can perform the specified operation only on that statistic, not on other statistics in that class.

You can authorize access for any user who has a specified authorization.

  • Imply a specific required authorization by setting the sensitive or expensive property to true.

  • Specify a required authorization as the value of an sau_op_name_auth property. See the table for values of op_name.

You can authorize access to an operation for specified users.

  • Specify a list of user names as the value of an sau_op_name_username property. See the table for values of op_name. An authorized user can be a human user or a daemon. A user is also called a client.

Table 2-1 Statistics Store Operation Authorizations

Property op_name Authorization Authorized Operation Interface

read_sensitive

solaris.sstore.read.sensitive

Read a sensitive statistic or event.

sstore_data_read(), sstore_batch_data_read(), sstore_info_read(), sstore_batch_info_read(), sstore_namespace_list(), sstore_batch_namespace_list(), sstore export, sstore info, sstore list

capture_sensitive

solaris.sstore.capture.sensitive

Record a sensitive statistic or event.

sstore_data_read(), sstore_batch_data_read(), sstore capture

capture_expensive

solaris.sstore.capture.expensive

Record an expensive statistic or event.

sstore_data_read(), sstore_batch_data_read(), sstore capture

update_res

solaris.sstore.update.res

Add a resource to a class.

sstore_resource_add()

update_res

solaris.sstore.update.res

Deactivate a resource that was created by a previous sstore_resource_add() call.

sstore_resource_remove()

write

solaris.sstore.write

Provide statistic or event data.

sstore_data_attach(), sstore_data_update()

delete

solaris.sstore.delete

Purge statistic or event data.

sstoreadm purge

config

solaris.sstore.configure

Update a collection created by another user.

sstore_collection_write(), sstore_collection_set_state(), sstore_collection_update_ssid(), sstore_collection_delete()