When you use the Authorization Console to configure role-based authorization, note the following:
Multiple clusters can share a single authorization database, but the object names must be unique.
When you modify security entities using the Authorization Console, the modifications are immediately available to clusters that use the associated authorization database; that is, the authorization database to which you are connected in the Authorization Console.
All command and control (CNC) requests are authorized by the e-Biz Impact server.
e-Biz Impact version 5.4.2 and later limit the scope of commands to only cluster-defined objects.
Object names must be unique within any authorization database.
Clusters that use security must have all clusters (managers), controllers, and SFM objects defined in the Configurator and represented in the authorization database.
A role assigned to the Manager Administration, Controller Administration, or SFM Administration group can only authorize users if the objects against which they are executed are defined in the security database.
A role assigned to a Manager object and the Manager Administration group authorizes execution of all commands against a cluster, any children controllers, and SFMs.
A role assigned to a Controller object and the Controller Administration group authorizes execution of all commands against a cluster’s controllers and any children SFMs.
A role assigned to an SFM object and the SFM Administration group authorizes execution of all commands against a cluster’s SFM.
| Copyright © 2005. Sybase Inc. All rights reserved. |
|
|
