3.5.3 Types of User Privilege


When registering a user account locally in the XSCF, set user privileges for the account. The purposes of granting user privileges to user accounts are to:
  1. Provide the system administrator with operational privileges for the whole server
  2. Limit operations to a given physical partition
  3. Manage user accounts
  4. Configure auditing
  5. Limit server operations by field engineers
Multiple user privileges can be set for one user account. Grant user privileges to the account according to the user environment and purpose. Table 3-6 lists user privileges.
Table 3-6  User Privileges
| User Privilege | Outline | Description of Privilege |
|---|---|---|
| pparop@n | Reference all statuses of a specific physical partition. | - Allowed to reference all statuses of the hardware mounted on a specific physical partition (PPAR-ID:n).<br>- Allowed to reference all statuses of a specific physical partition (PPAR-ID:n). |
| pparmgr@n | Allowed to operate the power supply and only reference the status of a specific physical partition. | - Allowed to power on/off and reboot a specific physical partition (PPAR-ID:n).<br>- Allowed to reference all statuses of the hardware mounted on a specific physical partition (PPAR-ID:n).<br>- Allowed to reference all statuses of a specific physical partition (PPAR-ID:n). |
| pparadm@n | Allowed only to manage a specific physical partition. | - Allowed to control all hardware mounted on a specific physical partition (PPAR-ID:n).<br>- Allowed to reference all statuses of the hardware mounted on a specific physical partition (PPAR-ID:n).<br>- Allowed to control all of a specific physical partition (PPAR-ID:n).<br>- Allowed to reference all statuses of a specific physical partition (PPAR-ID:n). |
| platop | Refer to the status of the whole system. | Can refer to all the statuses of the server but cannot change any of them. |
| platadm | Manage the whole system. | - Can perform all hardware operations for the system.<br>- Can manipulate all XSCF settings except those requiring the useradm and XSCF audit privileges.<br>- Can add/delete hardware in the physical partition.<br>- Can perform power operations for the physical partition.<br>- Can refer to all of the statuses of the server. |
| useradm | Manage user accounts. | - Can create, delete, enable, and disable user accounts.<br>- Can change user passwords and password profiles.<br>- Can change user privileges. |
| auditop | Refer to the audit status. | Can refer to the XSCF audit status and audit methods. |
| auditadm | Control auditing. | - Can control XSCF auditing.<br>- Can delete XSCF audit methods. |
| fieldeng | Allow use by field engineers. | Permits field engineers to perform only maintenance work and device configuration changes. |
| none | The account has no user privilege. | When a user account stored in the XSCF is set to none, the user privilege of the user account is not looked up in LDAP. Therefore, even if a user privilege has been set for the user account in LDAP, the privilege is regarded as "none." |
A user privilege for a target physical partition has "@PPAR number" appended after the user privilege name. For example, pparadm for PPAR-ID 01 becomes pparadm@1.

One user account can have privileges to multiple physical partitions, including the intended physical partition. For details of user privilege settings, see the setprivileges(8) command man page or the Fujitsu SPARC M12 and Fujitsu M10/SPARC M10 XSCF Reference Manual.
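
The following Python sketch is an added example, not part of the manual or of XSCF: it validates privilege tokens against Table 3-6 and reviews an account inventory. The inventory format, the function names, and the review rules (flagging an account that holds both useradm and auditadm, a local none that overrides LDAP grants, and grants that cover several partitions) are assumptions of this example, and only the `name@n` form described on this page is parsed.

```python
import re

# Privilege names from Table 3-6; the three PPAR-scoped ones carry an "@n" suffix.
PPAR_SCOPED = {"pparop", "pparmgr", "pparadm"}
PLATFORM_WIDE = {"platop", "platadm", "useradm", "auditop", "auditadm", "fieldeng", "none"}
TOKEN = re.compile(r"([a-z]+)(?:@(\d+))?")

def parse_privilege(token):
    """Return (name, ppar_id or None); raise ValueError for a token the table does not allow."""
    m = TOKEN.fullmatch(token)
    if not m:
        raise ValueError(f"malformed privilege {token!r}")
    name, ppar = m.groups()
    if name in PPAR_SCOPED and ppar is not None:
        return name, int(ppar)  # "pparadm@01" and "pparadm@1" both mean PPAR-ID 1
    if name in PLATFORM_WIDE and ppar is None:
        return name, None
    raise ValueError(f"unknown or wrongly scoped privilege {token!r}")

def review_account(user, local_privs, ldap_privs=()):
    """Return review findings for one account; the rules are this example's assumptions."""
    findings, names, scope = [], set(), {}
    for token in local_privs:
        try:
            name, ppar = parse_privilege(token)
        except ValueError as exc:
            findings.append(f"{user}: {exc}")
            continue
        names.add(name)
        if ppar is not None:
            scope.setdefault(ppar, set()).add(name)
    if "none" in names and ldap_privs:
        findings.append(f"{user}: local none overrides LDAP {sorted(ldap_privs)}")
    if {"useradm", "auditadm"} <= names:
        findings.append(f"{user}: holds both useradm and auditadm")
    if len(scope) > 1:
        findings.append(f"{user}: PPAR privileges cover partitions {sorted(scope)}")
    return findings

# Constructed inventory: user -> (local XSCF privileges, privileges held in LDAP).
SAMPLE = {
    "opsadmin": (["useradm", "auditadm"], []),
    "dbteam": (["pparadm@1", "pparmgr@2"], []),
    "contractor": (["none"], ["platadm"]),
    "typo": (["pparadm", "platadmin"], []),
}

if __name__ == "__main__":
    for user, (local, ldap) in SAMPLE.items():
        print(*review_account(user, local, ldap), sep="\n")
```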