Create a security role for a cluster

Use this task to create a PowerHA® SystemMirror security role for the cluster.

PowerHA SystemMirror security roles are based on AIX® role based access control (RBAC) roles. This task is available only if you configured a Lightweight Directory Access Protocol (LDAP) registry.

Fields

Provide the following information for the new role:

Name
Specify a unique name for the role to be created. The name must consist of 1 - 63 characters. You cannot use any of the following characters in the name: colon (:), single quotation mark ('), double quotation mark ("), number sign (#), comma (,), equal sign (=), forward slash (/), backslash (\), or a space ( ).
Role ID
Specify a unique numeric identifier for the role. The role ID must be a positive integer. If you do not specify an ID, one is assigned for you.
Description
Specify a short description of the role. If a message catalog message is not available, the value that you specify is the default description message that is displayed for the role.
Message catalog
Specify the file name of an existing message catalog that contains optional one-line descriptions of system roles. This catalog, in conjunction with the message ID that you specified, provides a method to use a specific existing description for the role instead of the default value that you specified for the Description property.
Message value
Specify the message identification number of the role description from the message catalog that you specified. This value must be a positive integer, and must be a valid message ID number within the specified message catalog.
Message set
Indicates the name of the message set that contains the role description in the message catalog that you specified. If you specify a message set, you must provide a value for the Message number property.
Visibility
Select the visibility status of the role to the system. You can select one of the following values:
Visible and authorizations enabled
This role is enabled, displayed, and selectable. Authorizations contained in this role are applied to the user to whom you assign the role. This option is the default value.
Hidden and authorizations enabled
This role is enabled, but is not selectable through a visual interface. Authorizations contained in this role are applied to the user that you assign to the role.
Hidden and authorizations disabled
This role is disabled and is not selectable through a visual interface. Authorizations contained in this role are not applied to the user that you assign to the role.
Available authorizations
Select one or more authorizations to assign to this role. Click Add to move them to the Selected authorizations list. PowerHA SystemMirror users that you assign to this role acquire these authorizations, in addition to any authorizations for the roles that you select in the Available roles list. To remove an authorization from the Selected authorizations list, select the authorization and click Remove to return the authorization to the Available authorizations list.
Available groups
Select one or more groups to which a user must belong to effectively use this role. Click Add to move them to the Selected groups list. You must add the user to each group in this list for this role to be effective. To remove a group from the Selected groups list, select the group and click Remove to return the group to the Available groups list.
Available roles
Select one or more RBAC roles, and the authorizations that they provide, to assign to this role. Click Add to move them to the Selected roles list. For example, you select role1 and role2. When you assign this role to a user, you also are assigning role1 and role2 to that user. To remove a role from the Selected roles list, select the role and click Remove to return the role to the Available roles list.
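
The following Python sketch is an added example, not PowerHA SystemMirror or AIX code. It models how the Visibility, Selected authorizations, Selected groups, and Selected roles fields combine, so that you can review which authorizations a user actually acquires before you assign a role. The role name ha_operator, the group hagrp, and the demo.* authorization names are constructed. The sketch assumes that a nested role is evaluated by its own visibility and group rules, and that a role that is disabled or whose group requirement is unmet contributes nothing, including its nested roles.

```python
# Added illustration: a model of the field semantics, not PowerHA SystemMirror code.
from dataclasses import dataclass, field

VISIBLE, HIDDEN_ENABLED, HIDDEN_DISABLED = "visible", "hidden-enabled", "hidden-disabled"

@dataclass
class Role:
    name: str
    authorizations: set = field(default_factory=set)
    groups: set = field(default_factory=set)    # Selected groups: user needs all of them
    roles: list = field(default_factory=list)   # Selected roles: nested role names
    visibility: str = VISIBLE

def effective_authorizations(role_name, user_groups, catalog, _seen=None):
    """Return the authorizations a user acquires when assigned role_name."""
    seen = set() if _seen is None else _seen
    if role_name in seen or role_name not in catalog:
        return set()                             # cycle or unknown role: contributes nothing
    seen.add(role_name)
    role = catalog[role_name]
    if role.visibility == HIDDEN_DISABLED:
        return set()                             # authorizations disabled
    if not role.groups <= set(user_groups):
        return set()                             # user is missing a required group
    granted = set(role.authorizations)
    for nested in role.roles:                    # assumption: nested roles follow their own rules
        granted |= effective_authorizations(nested, user_groups, catalog, seen)
    return granted

def sample_catalog():
    """Constructed sample data; role1 and role2 echo the example in the text."""
    roles = [
        Role("ha_operator", {"demo.cluster.view"}, {"hagrp"}, ["role1", "role2"]),
        Role("role1", {"demo.rg.move"}),
        Role("role2", {"demo.log.read"}, visibility=HIDDEN_DISABLED),
    ]
    return {r.name: r for r in roles}

if __name__ == "__main__":
    cat = sample_catalog()
    print(sorted(effective_authorizations("ha_operator", {"hagrp"}, cat)))
    print(sorted(effective_authorizations("ha_operator", {"staff"}, cat)))
```

With the sample data, a user in hagrp acquires the role's own authorization plus the one from role1, while role2 contributes nothing because its authorizations are disabled. A user who is not in hagrp acquires nothing from the role.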