Managing authorization for users accessing the cluster
The security concept of System Automation for Multiplatforms is based
on the RSCT component RMC, which implements security authorization with an access control list
(ACL) file. Specifically, RMC uses the ACL file on a particular node to determine the permissions
that a user must have to access resource classes and their resource instances. Since the System
Automation resource managers are internally implemented as an RMC application, the same set of
ACL control rules must be used to allow non-root users to manage (define, undefine, or change)
the System Automation-related resource classes (IBM.ResourceGroup
,
IBM.ManagedRelationship
, IBM.Equivalency
,
IBM.ManagedResource
, IBM.CHARMControl
,
IBM.Application
and IBM.ServiceIP
) and to start and stop the
corresponding resource groups.
- “Managing user access to resources using RMC ACL files” in Chapter 4 ("Managing and monitoring resources using RMC and resource managers")
- “Configuring the global and local authorization identity mappings” in Chapter 7 ("Understanding and administering cluster security services")