Use this page to create security roles for the cluster.
Fields
Use this page to configure one or
more security roles for PowerHA® SystemMirror, which are
based on AIX® role-based access
control (RBAC) roles. The Roles page is available only if Lightweight
Directory Access Protocol (LDAP) is currently configured for the cluster,
either by previous use of this wizard or by another means.
Note: Any role that you define in the wizard is not available
to assign to a user until you finish the wizard. You can then assign
the new role to a user from the Federated Security pages in Cluster
Management.
- Role name
- Specify a unique name for the role to be created.
The name must consist of 1 - 63 characters. You cannot use any of
the following characters in the name: colon (:), single quotation
mark (’), double quotation mark ("), number sign (#), comma (,), equal
sign (=), forward slash (/), backslash (\), or a space ( ).
- Role ID
- Specify a unique numeric identifier for the role. The
role ID must be a positive integer. If you do not specify an ID, one
is assigned for you.
- Description
- Specify a short description of the role. If a message
catalog message is not available, the value that you specify is the
default description message that is displayed for the role.
- Message catalog
- Specify the file name of an existing message catalog
that contains optional one-line descriptions of system roles. This
catalog, in conjunction with the message ID that you specified, provides
a method to use a specific existing description for the role instead
of the default value that you specified for the Description property. 
- Message set
- Indicates the name of the message set that contains the role description
in the message catalog that you specified. If you specify a message
set, you must provide a value for the Message number property.
- Message value
- Specify the message identification number of the role
description from the message catalog that you specified. This value
must be a positive integer, and must be a valid message ID number
within the specified message catalog.
- Visibility
- Select the visibility status of the role to the system. You can
select one of the following values:

- Visible and authorizations enabled
- This role is enabled, displayed, and selectable. Authorizations
contained in this role are applied to the user to whom you assign
the role. This option is the default value.
- Hidden and authorizations enabled
- This role is enabled, but is not selectable through a visual interface.
Authorizations contained in this role are applied to the user that
you assign to the role.
- Hidden and authorizations disabled
- This role is disabled and is not selectable through a visual interface.
Authorizations contained in this role are not applied to the user
that you assign to the role.
- Available authorizations
- Select one or more authorizations to assign
to this role. Click Add to move them to the Selected
authorizations list. PowerHA SystemMirror users that
you assign to this role acquire these authorizations, in addition
to any authorizations for the roles that you select in the Available
roles list. To remove an authorization from the Selected
authorizations list, select the authorization and click Remove to
return the authorization to the Available authorizations list.
- Available groups
- Select one or more groups to which a user
must belong to effectively use this role. Click Add to
move them to the Selected groups list. You
must add the user to each group in this list for this role to be effective.
To remove a group from the Selected groups list,
select the group and click Remove to return
the group to the Available groups list.
- Available roles
- Select one or more RBAC roles, and the authorizations
that they provide, to assign to this role. Click Add to
move them to the Selected roles list. For example,
if you select role1 and role2, then when you assign this role to
a user, you are also assigning role1 and role2 to
that user. To remove a role from the Selected roles list,
select the role and click Remove to return
the role to the Available roles list.
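The following added example (not part of the product or of IBM code) models how the Visibility, Selected groups, and Selected roles fields combine into the authorizations that a user effectively gains from an assigned role. It assumes that the visibility and group rules also apply to each nested role; the role catalog, the ha_operator and role3 roles, the group names, and the authorization names are constructed for illustration.

```python
# Added example, not IBM code: a model of the role fields described above.
from dataclasses import dataclass, field

VISIBLE_ENABLED = "visible, authorizations enabled"   # default on the page
HIDDEN_ENABLED = "hidden, authorizations enabled"
HIDDEN_DISABLED = "hidden, authorizations disabled"

@dataclass
class Role:
    name: str
    authorizations: set = field(default_factory=set)  # Selected authorizations
    groups: set = field(default_factory=set)          # Selected groups
    roles: list = field(default_factory=list)         # Selected roles
    visibility: str = VISIBLE_ENABLED

def effective_authorizations(role_name, user_groups, catalog, seen=None):
    """Authorizations a user gains from one assigned role."""
    seen = set() if seen is None else seen
    if role_name in seen:            # a role reached twice adds nothing new
        return set()
    seen.add(role_name)
    role = catalog[role_name]
    if role.visibility == HIDDEN_DISABLED:
        return set()                 # authorizations are not applied
    if not role.groups <= set(user_groups):
        return set()                 # user is missing a required group
    granted = set(role.authorizations)
    for nested in role.roles:        # assumption: same rules apply when nested
        granted |= effective_authorizations(nested, user_groups, catalog, seen)
    return granted

# Constructed sample data: role, group and authorization names are made up.
CATALOG = {r.name: r for r in [
    Role("role1", {"example.view"}),
    Role("role2", {"example.manage"}, groups={"hagroup"},
         visibility=HIDDEN_ENABLED),
    Role("role3", {"example.admin"}, visibility=HIDDEN_DISABLED),
    Role("ha_operator", {"example.monitor"}, groups={"staff"},
         roles=["role1", "role2", "role3"]),
]}

if __name__ == "__main__":
    for groups in ({"staff"}, {"staff", "hagroup"}, set()):
        print(sorted(groups), "->",
              sorted(effective_authorizations("ha_operator", groups, CATALOG)))
```

Reviewing this result for each planned role before you finish the wizard shows which authorizations a user receives only through nested roles or group membership.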
Actions
- Add Another
- Click Add Another to add another set of
property fields so that you can configure another role.
- Remove
- Click Remove to remove a configured role
and to remove all content from the property fields for that role.