Hardware Management Console Best Practices
# create a resource role for a managed system and LPAR
# resource type; note that the managed system includes
# the LPARs, so adding ALL_PARTITIONS is redundant
hscroot@myhost:~> mkaccfg -t resourcerole -i "name=groupies,resources=cec:root/ibmhscS1_0\|9406-520*10007CA\|IBMHSC_ComputerSystem,lpar:root/ibmhscS1_0\|ALL_PARTITIONS*9406-520*10007CA\|IBMHSC_Partition"
# create a customized task role based on hmcoperator
# only the lshwres and lssyscfg CLI commands are accessible
hscroot@myhost:~> mkaccfg -t taskrole -i name=buttered_role,parent=hmcoperator,resources=cec:lshwres+lssyscfg
Note that the task role example above passes the configuration data directly on
the command line. A configuration file could have been passed as an attribute
instead. The configuration file contains the configuration information used to
create the access control role. The file must be in comma-separated value (CSV)
format. A line feed (<LF>) marks the end of a record. There can be only one
configuration record in the file.
For any particular HMC version, the defined set of tasks cannot change. From
version to version, the set of tasks may change: a newer version of HMC may
add new tasks or remove existing tasks. An installation from Recovery media
wipes out all existing role data stored on the HMC, so it’s important that upgrade
data be saved before performing the upgrade.
In an HMC upgrade installation (from Recovery media or an upgrade zip file),
predefined role definitions will be updated as appropriate. Customized roles will
remain unchanged. While it’s unlikely that all tasks supported by a customized
role will be removed in an upgrade, should that happen, the user with this task
role will only be able to log in and nothing more. The same follows if all tasks
assigned to a task role were removed from that role by an hmcsuperadmin
user. Similarly, if all task roles assigned to a user are deleted by an
hmcsuperadmin user, that user ID will remain, but will be made ineffective.
The GUI will show no task role when viewing the user’s profile, and the CLI will
give output like the following:
hscroot@myhost:~> lshmcusr --filter names=noTaskRole -Ftaskrole
Undefined
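One way to find accounts left ineffective after an upgrade is to compare user listings saved before and after it. The script below is an added example, not part of the original document or of the HMC tooling. It assumes each snapshot holds one name,taskrole record per line, as captured from lshmcusr -F name,taskrole; the function names, finding labels and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare two snapshots of HMC user / task role listings.
# Assumed input: one "name,taskrole" record per line (assumption: captured
# from `lshmcusr -F name,taskrole` before and after the upgrade).

# audit_roles BEFORE_FILE AFTER_FILE
# Prints one finding per line, sorted:
#   INEFFECTIVE <user> was=<role>   task role now reads "Undefined"
#   CHANGED <user> <old>-><new>     task role differs between snapshots
#   MISSING <user> was=<role>       user is absent from the later snapshot
audit_roles() {
    awk -F, '
        { sub(/\r$/, "") }                      # tolerate CRLF captures
        NF < 2 { next }                         # skip blank or malformed lines
        FILENAME == ARGV[1] { before[$1] = $2; next }
        {
            seen[$1] = 1
            old = ($1 in before) ? before[$1] : "none"
            if ($2 == "Undefined")
                print "INEFFECTIVE " $1 " was=" old
            else if (($1 in before) && before[$1] != $2)
                print "CHANGED " $1 " " old "->" $2
        }
        END {
            for (u in before)
                if (!(u in seen))
                    print "MISSING " u " was=" before[u]
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: run the audit on constructed sample snapshots (not real HMC output).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'hscroot,hmcsuperadmin' 'opsuser,buttered_role' \
        'noTaskRole,buttered_role' 'tempadmin,hmcoperator' > "$dir/before.csv"
    printf '%s\n' 'hscroot,hmcsuperadmin' 'opsuser,hmcoperator' \
        'noTaskRole,Undefined' > "$dir/after.csv"
    audit_roles "$dir/before.csv" "$dir/after.csv"
    rm -rf "$dir"
}

demo
```

An INEFFECTIVE finding corresponds to the "Undefined" output shown above: the user ID still exists and can log in, but has no task role.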