红帽全球峰会2.2. Granting HA Cluster Management permissions
Each cluster can have a different set of permissions used for its administration. A user with administrative access or full permissions can grant full permissions to other users and groups for the HA Cluster Management web console add-on.
The following table summarizes the cluster management permissions you can grant for the HA Cluster Management web console add-on.
| Permission | Allowed administrative task |
|---|---|
| Read | Viewing cluster settings. |
| Write | Modifying all cluster settings except permissions and ACLs. Does not allow adding nodes and creating clusters. |
| Grant | Modifying ACLs and granting read, write, and grant permissions. |
| Full | Performing all cluster management except adding nodes or creating clusters. |
Prerequisites
- You have installed and enabled the HA Cluster Management add-on for the RHEL web console, as described in Installing and enabling the HA Cluster Management add-on for the RHEL web console.
- You have created a cluster for which you want to manage permissions and it has been added to the cluster list in the HA Cluster Management add-on.
Procedure
Log in to the RHEL web console with an account that has sudo access to the system and ensure that you are in administrative access mode. For information about administrative access mode, see Administrative access in the web console in the "Managing systems in the RHEL web console" document.
Alternatively, log into the RHEL web console with an account that has grant permissions for the cluster you want to manage. The account must be a member of the
haclientgroup to see the HA Cluster Management web console add-on in limited access mode.- Select a cluster for which you want to manage permissions from the cluster list.
- In the cluster detail, click the Permissions tab on the top of the page and select .
- Add, remove, or edit the permissions for a user or group.
-
By default, any user with an account that is a member of the
haclientgroup has read, write and grant permissions. From the Permissions page you can remove this permission if you have administrative access in the web console or if you have grant permissions.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}