Manualshelf

Managing HP Serviceguard for Linux Ninth Edition, April 2009

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux RH AS ProLiant Cluster
171172173174175176177178179180
user on any node in the cluster always has full Serviceguard root access privileges
for that cluster; no additional Serviceguard configuration is needed to grant these
privileges.
IMPORTANT: Users on systems outside the cluster can gain Serviceguard root
access privileges to configure the cluster only via a secure connection (rsh or ssh).
Non-root access: Other users can be assigned one of four roles:
Full Admin: Allowed to perform cluster administration, package administration, and
cluster and package view operations.
These users can administer the cluster, but cannot configure or create a cluster.
Full Admin includes the privileges of the Package Admin role.
(all-packages) Package Admin: Allowed to perform package administration, and
use cluster and package view commands.
These users can run and halt any package in the cluster, and change its switching
behavior, but cannot configure or create packages. Unlike single-package
Package Admin, this role is defined in the cluster configuration file. Package
Admin includes the cluster-wide privileges of the Monitor role.
(single-package) Package Admin: Allowed to perform package administration for
a specified package, and use cluster and package view commands.
These users can run and halt a specified package, and change its switching
behavior, but cannot configure or create packages. This is the only access role
defined in the package configuration file; the others are defined in the cluster
configuration file. Single-package Package Admin also includes the cluster-wide
privileges of the Monitor role.
Monitor: Allowed to perform cluster and package view operations.
These users have read-only access to the cluster and its packages.
IMPORTANT: A remote user (one who is not logged in to a node in the cluster,
and is not connecting via rsh or ssh) can have only Monitor access to the cluster.
(Full Admin and Package Admin can be configured for such a user, but this usage
is deprecated. As of Serviceguard A.11.18 configuring Full Admin or Package
Admin for remote users gives them Monitor capabilities. See “Setting up
Access-Control Policies” (page 178) for more information.)
Setting up Access-Control Policies
The root user on each cluster node is automatically granted the Serviceguard root access
role on all nodes. (See “Configuring Root-Level Access” (page 149) for more information.)
Access-control policies define non-root roles for other cluster users.
178 Building an HA Cluster Configuration