Managing HP Serviceguard for Linux, Eighth Edition, March 2008

Building an HA Cluster Configuration
Configuring the Cluster
Chapter 5, page 182
Levels of Access
Serviceguard recognizes two levels of access, root and non-root:

- Root access: Full capabilities; only role allowed to configure the
  cluster.

  As Figure 5-2 shows, users with root access have complete control
  over the configuration of the cluster and its packages. This is the only
  role allowed to use the cmcheckconf, cmapplyconf, cmdeleteconf,
  and cmmodnet -a commands.

  In order to exercise this Serviceguard role, you must log in as the
  root user (superuser) on a node in the cluster you want to administer.
  Conversely, the root user on any node in the cluster always has full
  Serviceguard root access privileges for that cluster; no additional
  Serviceguard configuration is needed to grant these privileges.

  IMPORTANT: Users on systems outside the cluster can gain Serviceguard
  root access privileges to configure the cluster only via a secure
  connection (rsh or ssh).

- Non-root access: Other users can be assigned one of four roles:

  - Full Admin: Allowed to perform cluster administration, package
    administration, and cluster and package view operations.

    These users can administer the cluster, but cannot configure or
    create a cluster. Full Admin includes the privileges of the
    Package Admin role.

  - (all-packages) Package Admin: Allowed to perform package
    administration, and use cluster and package view commands.

    These users can run and halt any package in the cluster, and
    change its switching behavior, but cannot configure or create
    packages. Unlike single-package Package Admin, this role is
    defined in the cluster configuration file. Package Admin includes
    the cluster-wide privileges of the Monitor role.

  - (single-package) Package Admin: Allowed to perform package
    administration for a specified package, and use cluster and
    package view commands.