Managing HP Serviceguard for Linux, Sixth Edition, August 2006
Building an HA Cluster Configuration
Preparing Your Systems
Chapter 5 131
NOTE You do not have to halt the cluster or package to configure or modify
access control policies.
For example:
USER_NAME john
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
If these policies are defined in the cluster configuration file, it grants the
PACKAGE_ADMIN role for any package to user john on node bit. User john
also has the MONITOR role for the entire cluster.
If this policy is defined in the package configuration for PackageA, then
user john from node bit has PACKAGE_ADMIN role only for PackageA.
User john also has the MONITOR role for the entire cluster.
You will not be allowed to configure any specific roles that overlap. For
example, user john cannot be explicitly given two roles. Serviceguard
will fail applying the configuration with an error if you do. It is
acceptable for ANY_USER and john to be given different roles.
For example, in the cluster configuration file:
# Policy 1
USER_NAME john
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
# Policy 2
USER_NAME john
USER_HOST bit
USER_ROLE MONITOR