Managing authorization for users accessing the cluster

The security concept of System Automation for Multiplatforms is based on the RSCT component RMC, which implements security authorization with an access control list (ACL) file. Specifically, RMC uses the ACL file on a particular node to determine the permissions that a user must have to access resource classes and their resource instances. Since the System Automation resource managers are internally implemented as an RMC application, the same set of ACL control rules must be used to allow non-root users to manage (define, undefine, or change) the System Automation-related resource classes (IBM.ResourceGroup, IBM.ManagedRelationship, IBM.Equivalency, IBM.ManagedResource, IBM.CHARMControl, IBM.Application and IBM.ServiceIP) and to start and stop the corresponding resource groups.

For detailed information about how to set up RMC ACL files, see the following sections in IBM® RSCT Administration Guide:
  • “Managing user access to resources using RMC ACL files” in Chapter 4 ("Managing and monitoring resources using RMC and resource managers")
  • “Configuring the global and local authorization identity mappings” in Chapter 7 ("Understanding and administering cluster security services")
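
The following audit sketch is an added example, not IBM code: it parses RMC ACL text and reports which identities other than root hold write permission on the seven System Automation resource classes listed above. It assumes a simplified stanza layout (class name at column 0, indented "identity type permissions" entries, `#` comments, an OTHER stanza as fallback for classes without their own stanza) and checks only the composite `w` permission; the identities and sample text are constructed, and the RSCT Administration Guide remains the authority on the file format.

```python
# Added example: audit RMC ACL text for write access to the System Automation classes.
# Assumed simplified layout: class name at column 0, indented "<identity> <type> <perms>".
SA_CLASSES = [
    "IBM.ResourceGroup", "IBM.ManagedRelationship", "IBM.Equivalency",
    "IBM.ManagedResource", "IBM.CHARMControl", "IBM.Application", "IBM.ServiceIP",
]
# Constructed sample, not taken from a real cluster.
SAMPLE_ACL = """\
IBM.ResourceGroup
    root@LOCALHOST        *  rw
    saoperator@LOCALHOST  *  rw   # hypothetical operator account
    LOCALHOST             *  r
IBM.Application
    root@LOCALHOST        *  rw
    appadmin@LOCALHOST    R  w    # hypothetical application admin
OTHER
    root@LOCALHOST        *  rw
    LOCALHOST             *  r
"""

def parse_acl(text):
    """Return {stanza_name: [(identity, type, permissions), ...]}."""
    stanzas, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                  # stanza header at column 0
            current = stanzas.setdefault(line.strip(), [])
            continue
        fields = line.split()
        if current is None or len(fields) != 3:
            raise ValueError(f"line {lineno}: malformed ACL entry: {raw!r}")
        current.append(tuple(fields))
    return stanzas

def writers(stanzas, cls):
    """Identities granted 'w' on cls; uses OTHER when cls has no stanza."""
    entries = stanzas.get(cls, stanzas.get("OTHER", []))
    return sorted({ident for ident, _type, perms in entries if "w" in perms})

def audit(text, allowed=("root@LOCALHOST",)):
    """Map each System Automation class to its writers outside the allowed set."""
    stanzas = parse_acl(text)
    return {c: [w for w in writers(stanzas, c) if w not in allowed] for c in SA_CLASSES}

if __name__ == "__main__":
    for cls, extra in audit(SAMPLE_ACL).items():
        print(f"{cls:26} non-root writers: {', '.join(extra) or '-'}")
```

A class that reports no non-root writers here cannot be defined, undefined, or changed by a non-root user under the assumed rules, so any account meant to start and stop resource groups should show up against the classes it manages and nowhere else.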