User privileges for OS user groups in secure clusters
In secure clusters, you can assign privileges to native users individually or at an operating system (OS) user group level.
For example, you may decide that all users that are part of the OS Administrators group get administrative privileges to the cluster or to a specific service group. Assigning a VCS role to a user group assigns the same VCS privileges to all members of the user group, unless you specifically exclude individual users from those privileges.
When you add a user to an OS user group, the user inherits VCS privileges assigned to the user group.
Assigning VCS privileges to an OS user group involves adding the user group in one (or more) of the following attributes:
- AdministratorGroups—for a cluster or for a service group.
- OperatorGroups—for a cluster or for a service group.
- Guests—for a cluster or for a service group.
For example, user Tom belongs to an OS user group: OSUserGroup1. You can assign VCS privileges to user Tom in the following ways:
| To assign privileges | At an individual level, configure attribute | To the OS user group, configure attribute |
| --- | --- | --- |
| Cluster Administrator | cluster (Administrators = {tom@domain}) | cluster (AdministratorGroups = {OSUserGroup1@domain}) |
| Cluster Operator | cluster (Operators = {tom@domain}) | cluster (OperatorGroups = {OSUserGroup1@domain}) |
| Cluster Guest | cluster group_name (Guests = {tom@domain}) | cluster group_name (Guests = {OSUserGroup1@domain}) |
| Group Administrator | group group_name (Administrators = {tom@domain}) | group group_name (AdministratorGroups = {OSUserGroup1@domain}) |
| Group Operator | group group_name (Operators = {tom@domain}) | group group_name (OperatorGroups = {OSUserGroup1@domain}) |
| Group Guest | | group group_name (Guests = {OSUserGroup1@domain}) |
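An audit sketch for the inheritance described above, added here as an example and not part of the product documentation: it reads attribute lines in the one-line notation of the table (not full main.cf syntax) and reports which VCS roles a user holds directly and which arrive through OS group membership. The sample lines, the service group names websg and dbsg, the group DBOps, and the function name effective_roles are constructed for illustration.

```python
import re

# Attribute -> (VCS role, principal type it lists), following the table above.
ATTRS = {
    "Administrators": ("Administrator", "user"),
    "Operators": ("Operator", "user"),
    "AdministratorGroups": ("Administrator", "group"),
    "OperatorGroups": ("Operator", "group"),
    "Guests": ("Guest", "either"),  # the table lists users and OS groups here
}

# Matches the table's one-line notation, for example:
#   cluster (AdministratorGroups = {OSUserGroup1@domain})
#   group group_name (Operators = {tom@domain})
LINE = re.compile(
    r"^\s*(cluster|group)(?:\s+([\w.-]+))?\s*\(\s*(\w+)\s*=\s*\{([^}]*)\}\s*\)\s*$"
)

def effective_roles(config_lines, user, os_groups):
    """Return sorted (scope, role, source) tuples granted to `user`."""
    found = set()
    for line in config_lines:
        m = LINE.match(line)
        if not m or m.group(3) not in ATTRS:
            continue  # not a privilege attribute in the expected notation
        kind, name, attr, body = m.groups()
        role, ptype = ATTRS[attr]
        scope = f"{kind}:{name}" if name else kind
        # Assumption: list members are separated by commas and/or whitespace.
        for member in filter(None, re.split(r"[,\s]+", body)):
            if ptype != "group" and member == user:
                found.add((scope, role, "direct"))
            elif ptype != "user" and member in os_groups:
                found.add((scope, role, f"via {member}"))
    return sorted(found)

# Constructed sample: tom holds one role directly and two through his OS group.
SAMPLE = [
    "cluster (AdministratorGroups = {OSUserGroup1@domain})",
    "group websg (Operators = {tom@domain})",
    "group dbsg (OperatorGroups = {DBOps@domain})",
    "group dbsg (Guests = {OSUserGroup1@domain})",
]

if __name__ == "__main__":
    rows = effective_roles(SAMPLE, "tom@domain", ["OSUserGroup1@domain"])
    for scope, role, source in rows:
        print(f"{scope:12} {role:14} {source}")
```

Running the same query with an empty group list shows what the user keeps after removal from the OS group, which is a quick check before and after changing group membership.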