Managing HP Serviceguard for Linux, Eighth Edition, March 2008
Building an HA Cluster Configuration
Configuring the Cluster
Chapter 5180
Controlling Access to the Cluster
Serviceguard access-control policies define cluster users’
administrative or monitoring capabilities.
A Note about Terminology
Although you will also sometimes see the term role-based access
(RBA) in the output of Serviceguard commands, the preferred set of
terms, always used in this manual, is as follows:
• Access-control policies - the set of rules defining user access to the
cluster.
— Access-control policy - one of these rules, comprising the three
parameters USER_NAME, USER_HOST, USER_ROLE. See “Setting up
Access-Control Policies” on page 184.
• Access roles - the set of roles that can be defined for cluster users
(Monitor, Package Admin, Full Admin).
— Access role - one of these roles (for example, Monitor).
How Access Roles Work
Serviceguard daemons grant access to Serviceguard commands by
matching the command user’s hostname and username against the
access control policies you define. Each user can execute only the
commands allowed by his or her role.
The diagram that shows the access roles and their capabilities. The
innermost circle is the most trusted; the outermost the least. Each role
can perform its own functions and the functions in all of the circles
outside it. For example Serviceguard Root can perform its own
functions plus all the functions of Full Admin, Package Admin and
Monitor; Full Admin can perform its own functions plus the functions of
Package Admin and Monitor; and so on.