Set Up Federated Security Wizard: Create roles

Use this page to create security roles for the cluster.

Fields

Use this page to configure one or more security roles for PowerHA® SystemMirror, which are based on AIX® role-based access control (RBAC) roles. The Roles page is available only if Lightweight Directory Access Protocol (LDAP) is currently configured for the cluster, either by previous use of this wizard or by another means.

Note: Any role that you define in the wizard is not available to assign to a user until you finish the wizard. You can then assign the new role to a user from the Federated Security pages in Cluster Management.
Role name
Specify a unique name for the role to be created. The name must consist of 1 - 63 characters. You cannot use any of the following characters in the name: colon (:), single quotation mark (’), double quotation mark ("), number sign (#), comma (,), equal sign (=), forward slash (/), backslash (\), or a space ( ).
Role ID
Specify a unique numeric identifier for the role. The role ID must be a positive integer. If you do not specify an ID, one is assigned for you.
Description
Specify a short description of the role. If a message catalog message is not available, the value that you specify is the default description message that is displayed for the role.
Message catalog
Specify the file name of an existing message catalog that contains optional one-line descriptions of system roles. This catalog, in conjunction with the message ID that you specified, provides a method to use a specific existing description for the role instead of the default value that you specified for the Description property.
Message set
Indicates the name of the message set that contains the role description in the message catalog that you specified. If you specify a message set, you must provide a value for the Message number property.
Message value
Specify the message identification number of the role description from the message catalog that you specified. This value must be a positive integer, and must be a valid message ID number within the specified message catalog.
Visibility
Select the visibility status of the role to the system. You can select one of the following values:
Visible and authorizations enabled
This role is enabled, displayed, and selectable. Authorizations contained in this role are applied to the user to whom you assign the role. This option is the default value.
Hidden and authorizations enabled
This role is enabled, but is not selectable through a visual interface. Authorizations contained in this role are applied to the user that you assign to the role.
Hidden and authorizations disabled
This role is disabled and is not selectable through a visual interface. Authorizations contained in this role are not applied to the user that you assign to the role.
Available authorizations
Select one or more authorizations to assign to this role. Click Add to move them to the Selected authorizations list. PowerHA SystemMirror users that you assign to this role acquire these authorizations, in addition to any authorizations for the roles that you select in the Available roles list. To remove an authorization from the Selected authorizations list, select the authorization and click Remove to return the authorization to the Available authorizations list.
Available groups
Select one or more groups to which a user must belong to effectively use this role. Click Add to move them to the Selected groups list. You must add the user to each group in this list for this role to be effective. To remove a group from the Selected groups list, select the group and click Remove to return the group to the Available groups list.
Available roles
Select one or more RBAC roles, and the authorizations that they provide, to assign to this role. Click Add to move them to the Selected roles list. For example, you select role1 and role2. When you assign this role to a user, you also are assigning role1 and role2 to that user. To remove a role from the Selected roles list, select the role and click Remove to return the role to the Available roles list.
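
The following added example (not part of the original page and not PowerHA or AIX code) models the fields above to review a role before you create it: it checks a proposed name against the Role name rules and works out which authorizations a user would actually gain once selected roles, required groups and the Visibility setting are taken into account. The visibility labels, the authorization and group names, and the rule that a selected role is evaluated as if assigned directly are assumptions made for illustration.

```python
# Added example: a model of the Role fields described above, not PowerHA or AIX code.
FORBIDDEN = set(":'\u2019\"#,=/\\ ")  # characters the Role name field rejects
# Hypothetical labels for the two Visibility values that keep authorizations enabled.
ENABLED = {"visible_enabled", "hidden_enabled"}

def name_errors(name):
    """Check a role name against the Role name rules (1 - 63 characters, no listed characters)."""
    errors = []
    if not 1 <= len(name) <= 63:
        errors.append("length must be 1 - 63 characters")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        errors.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    return errors

def effective_auths(role_name, roles, user_groups, _seen=None):
    """Return the authorizations a user gains from a role, including its selected roles."""
    seen = set() if _seen is None else _seen
    if role_name in seen:  # guard against roles that include each other
        return set()
    seen.add(role_name)
    role = roles[role_name]
    if role["visibility"] not in ENABLED:  # authorizations disabled
        return set()
    if not set(role["groups"]) <= set(user_groups):  # user is missing a required group
        return set()
    auths = set(role["auths"])
    # Assumption: a selected role is evaluated as if it were assigned directly.
    for nested in role["roles"]:
        auths |= effective_auths(nested, roles, user_groups, seen)
    return auths

# Constructed sample data; role1 and role2 echo the names used in the field description.
ROLES = {
    "role1": {"visibility": "visible_enabled", "groups": [],
              "auths": ["example.auth.view"], "roles": []},
    "role2": {"visibility": "hidden_disabled", "groups": [],
              "auths": ["example.auth.admin"], "roles": []},
    "ops_role": {"visibility": "hidden_enabled", "groups": ["opsgrp"],
                 "auths": ["example.auth.start"], "roles": ["role1", "role2"]},
}

if __name__ == "__main__":
    print(name_errors("ops role:1"))
    print(sorted(effective_auths("ops_role", ROLES, ["opsgrp"])))
    print(sorted(effective_auths("ops_role", ROLES, ["staff"])))
```

Running the same expansion over every role before you assign it shows how much privilege a single assignment carries through its selected roles.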

Actions

Add Another
Click Add Another to add another set of property fields so that you can configure another role.
Remove
Click Remove to remove a configured role and to remove all content from the property fields for that role.