About VCS privileges for users with multiple roles

About VCS privileges for users with multiple roles

Prev	About the VCS user privilege model	Next

About VCS privileges for users with multiple roles

VCS privileges for users with multiple roles describes how VCS assigns privileges to users with multiple roles. The scenarios describe user Tom who is part of two OS user groups: OSUserGroup1 and OSUserGroup2.

VCS privileges for users with multiple roles

Situation and rule	Roles assigned in the VCS configuration	Privileges that VCS grants Tom
Situation: Multiple roles at an individual level. Rule: VCS grants highest privileges (or a union of all the privileges) to the user.	Tom: Cluster Administrator Tom: Group Operator	Cluster Administrator.
Situation: Roles at an individual and OS user group level (secure clusters only). Rule: VCS gives precedence to the role granted at the individual level.	Tom: Group Operator OSUserGroup1: Cluster Administrator	Group Operator
Situation: Different roles for different OS user groups (secure clusters only). Rule: VCS grants the highest privilege (or a union of all privileges of all user groups) to the user.	OSUserGroup1: Cluster Administrators OSUserGroup2: Cluster Operators	Cluster Administrator
Situation: Roles at an individual and OS user group level (secure clusters only). Rule: VCS gives precedence to the role granted at the individual level. You can use this behavior to exclude specific users from inheriting VCS privileges assigned to their OS user groups.	OSUserGroup1: Cluster Administrators OSUserGroup2: Cluster Operators Tom: Group Operator	Group Operator

Situation and rule

Roles assigned in the VCS configuration

Privileges that VCS grants Tom

Situation: Multiple roles at an individual level.

Rule: VCS grants highest privileges (or a union of all the privileges) to the user.

Tom: Cluster Administrator

Tom: Group Operator

Cluster Administrator.

Situation: Roles at an individual and OS user group level (secure clusters only).

Rule: VCS gives precedence to the role granted at the individual level.

Tom: Group Operator

OSUserGroup1: Cluster Administrator

Group Operator

Situation: Different roles for different OS user groups (secure clusters only).

Rule: VCS grants the highest privilege (or a union of all privileges of all user groups) to the user.

OSUserGroup1: Cluster Administrators

OSUserGroup2: Cluster Operators

Cluster Administrator

Situation: Roles at an individual and OS user group level (secure clusters only).

Rule: VCS gives precedence to the role granted at the individual level.

You can use this behavior to exclude specific users from inheriting VCS privileges assigned to their OS user groups.

OSUserGroup1: Cluster Administrators

OSUserGroup2: Cluster Operators

Tom: Group Operator

Group Operator

Prev	Up	Next
User privileges for OS user groups for clusters running in secure mode	Home	Administering the cluster from Cluster Manager (Java console)