Serviceguard Manager Version A.04.00 Release Notes, June 2004
Serviceguard Manager Version A.04.00 Release Notes
Installing and Running Serviceguard Manager
Chapter 1 33
• Role: Which commands the user may issue on the cluster where the
policy is configured. There are 4 non-root roles:
— monitor (view, read-only): in cluster configuration file.
This is the only role that does not require a Host with
Serviceguard A.11.16.
— (single package) package admin: defined in that package’s
configuration file
— (all cluster packages) package admin: defined in the cluster
configuration file
— full admin (cluster and its packages): defined in the cluster
configuration file
For more information about access control policies, see the online help for
Configuring Clusters: Roles.
If you upgraded a cluster to Serviceguard A.11.16, its cmclnodelist has
been migrated into Access Control Policies. With A.11.16, cmclnodelist
is gone. If your previous cmclnodelist file listed the pair
<sess.server><user> your cluster configuration now has an Access
Control Policy that lists this triplet:
• USER_NAME <user>
• USER_HOST <sess.serve>
• USER_ROLE Monitor (All migrated pairs have Monitor, the
view-only role.)
If your old cmclnodelist had the wildcard +, the configuration file now
has an Access Control Policy with wildcards in triplet:
• USER_NAME ANY_USER
• USER_HOST ANY_SERVICEGUARD_NODE
• USER_ROLE MONITOR (All migrated pairs have Monitor, the
view-only role.)
Only a root user can modify configuration to change Access Control
Policies. You do not have to halt the cluster, or any packages, to add,
modify, or delete an Access Control Policy.