User privileges for OS user groups for clusters running in secure mode


User privileges for OS user groups for clusters running in secure mode
Prev	About the VCS user privilege model	Next

For clusters that run in secure mode, you can assign privileges to native users individually or at an operating system (OS) user group level.

For example, you may decide that all users that are part of the OS administrators group get administrative privileges to the cluster or to a specific service group. Assigning a VCS role to a user group assigns the same VCS privileges to all members of the user group, unless you specifically exclude individual users from those privileges.

When you add a user to an OS user group, the user inherits VCS privileges assigned to the user group.

Assigning VCS privileges to an OS user group involves adding the user group in one (or more) of the following attributes:

AdministratorGroups - for a cluster or for a service group.
OperatorGroups - for a cluster or for a service group.

For example, user Tom belongs to an OS user group: OSUserGroup1.

Table: To assign user privileges shows how to assign VCS privileges.

Table: To assign user privileges

To assign privileges	At an individual level, configure attribute	To the OS user group, configure attribute
Cluster administrator	cluster (Administrators = {tom@domain})	cluster (AdministratorGroups = {OSUserGroup1@domain})
Cluster operator	cluster (Operators = {tom@domain})	cluster (OperatorGroups = {OSUserGroup1@domain})
Cluster guest	Cluster (Guests = {tom@domain})	Not applicable
Group administrator	group group_name (Administrators = {tom@domain})	group group_name (AdministratorGroups = {OSUserGroup1@domain})
Group operator	group group_name (Operators = {tom@domain})	group group_name (OperatorGroups = {OSUserGroup1@domain})
Group guest	Cluster (Guests = {tom@domain})	Not applicable

Prev	Up	Next
How administrators assign roles to users	Home	VCS privileges for users with multiple roles