Restricting Capture of Data that is Expensive to Capture

If capturing certain statistics has a high cost in system resources, you might want to restrict who can capture that data. For example, using DTrace scripts to record statistics often has a high cost in system resources.

To restrict who can capture data that is costly to capture, mark the data as costly by setting the expensive property to true. Statistics and events that have the expensive property set to true require a user to have the solaris.sstore.capture.expensive authorization to capture the data. A user that has the solaris.sstore.capture.expensive authorization can record data values of any statistic in the statistics store, except statistics that are sensitive, as described in Restricting Access to Sensitive Data.

To enable access by other users who need to record this data, specify an alternative authorization that is more targeted to this data, or specify particular users that are authorized to record this data.

To specify an alternative authorization that enables a user to record particular expensive data, specify the sau_capture_expensive_auth property with the alternative authorization as the value. The value of this property can be a list of authorizations.

To enable a specified user to record particular expensive data even if the user has none of the required authorizations, specify the sau_capture_expensive_username property with the user name as the value. The value of this property can be a list of user names.

Note: Even if you specify alternative authorizations or authorized users, you must still set the expensive property to true.

Example 2-3 Specifying Which Users Can Record Particular Expensive Data

The following partial metadata for a statistic that is expensive to record enables the following users to record values of this statistic:

  • Any user that has the solaris.sstore.capture.expensive authorization

  • Any user that has the solaris.system.sysevent.write authorization

  • The authorizeduser1 user

{
  "expensive" : true,
  "sau_capture_expensive_auth" : "solaris.system.sysevent.write",
  "sau_capture_expensive_username" : "authorizeduser1"
}
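
The following Python code is an added example, not part of the original documentation or of the statistics store itself. It checks metadata against the Note above and evaluates only the expensive-capture rule for a given user. The function names are hypothetical, and it assumes that a list value is written as a JSON array and that authorization names are compared by exact match.

```python
import json

DEFAULT_AUTH = "solaris.sstore.capture.expensive"
ALT_AUTH_KEY = "sau_capture_expensive_auth"
ALT_USER_KEY = "sau_capture_expensive_username"


def as_list(value):
    """Normalize a property that may hold one name or a list of names."""
    if value is None:
        return []
    # Assumption: a list of names is a JSON array; anything else is one entry.
    return list(value) if isinstance(value, (list, tuple)) else [value]


def lint_expensive(meta):
    """Return a list of problems found in the expensive-capture properties."""
    problems = []
    has_alt = ALT_AUTH_KEY in meta or ALT_USER_KEY in meta
    # The Note: alternatives do not replace the expensive property itself.
    if has_alt and meta.get("expensive") is not True:
        problems.append('alternative auths/users set but "expensive" is not true')
    for key in (ALT_AUTH_KEY, ALT_USER_KEY):
        for name in as_list(meta.get(key)):
            if not isinstance(name, str) or not name.strip():
                problems.append(f"{key}: empty or non-string entry")
    return problems


def may_capture_expensive(meta, user, user_auths):
    """Evaluate only the expensive rule; the sensitive rule is not modeled."""
    if meta.get("expensive") is not True:
        return True  # not marked expensive, so this rule does not apply
    if DEFAULT_AUTH in user_auths:
        return True
    if any(auth in user_auths for auth in as_list(meta.get(ALT_AUTH_KEY))):
        return True
    return user in as_list(meta.get(ALT_USER_KEY))


# Constructed sample input: the partial metadata shown in Example 2-3.
EXAMPLE_2_3 = json.loads("""{
  "expensive" : true,
  "sau_capture_expensive_auth" : "solaris.system.sysevent.write",
  "sau_capture_expensive_username" : "authorizeduser1"
}""")

if __name__ == "__main__":
    print(lint_expensive(EXAMPLE_2_3))
    print(may_capture_expensive(EXAMPLE_2_3, "otheruser", []))
```

Running the lint before deploying metadata catches the case where the alternative properties are present but expensive is missing, in which case the capture rule is not applied at all.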

Example 2-4 Specifying Users Who Can Record Data that is Sensitive and Expensive

A statistic could be both sensitive and expensive. The following partial metadata for a statistic restricts the ability to capture values of this statistic to the following users:

  • Any user that has the solaris.sstore.capture.sensitive authorization

  • Any user that has the solaris.sstore.capture.expensive authorization

  • Any user that has the solaris.system.sysevent.write authorization

  • The authorizeduser1 user

{
  "sensitive" : true,
  "expensive" : true,
  "sau_capture_sensitive_auth" : "solaris.system.sysevent.write",
  "sau_capture_sensitive_username" : "authorizeduser1",
  "sau_capture_expensive_auth" : "solaris.system.sysevent.write",
  "sau_capture_expensive_username" : "authorizeduser1"
}