Environment
Novell Privileged User Manager 2.2.1
Situation
Restrict Users from deploying/installing/patching specific patches, modules, or consoles.
Privileged User Manager contains three package types:
Patch (Framework Patch)
Module (any module patch/install)
Console (any GUI console patch/install)
Privileged User Manager contains three package types:
Patch (Framework Patch)
Module (any module patch/install)
Console (any GUI console patch/install)
Resolution
Beginning with Privileged User Manager 2.2.1-2, the ability to define User ACL's was introduced, which enabled administrators to restrict users to install/patch/deploy specific patches, modules or consoles.
This is accomplished by assigning the distrib.acl role.
Home | Framework User Manager | Select desired group and Modify Group | Select Roles | Add
Manually type in the desired roles.
Module Role
distrib acl
When a group is assigned the distrib.acl role, any attempt to install modules, patches or consoles will require the group to also have the relevant distrib.Module:, distrib.Patch:, or distrib:Console: role, where is the package name of the module, patch or console is appended.
For example, to restrict a user to deploy/install/patch PUM agent packages, they would need the following roles:
distrib Module:distrib
distrib Module:regclnt
distrib Module:strfwd
distrib Module:rexec
distrib Patch:spf
This is accomplished by assigning the distrib.acl role.
Home | Framework User Manager | Select desired group and Modify Group | Select Roles | Add
Manually type in the desired roles.
Module Role
distrib acl
When a group is assigned the distrib.acl role, any attempt to install modules, patches or consoles will require the group to also have the relevant distrib.Module:, distrib.Patch:, or distrib:Console: role, where is the package name of the module, patch or console is appended.
For example, to restrict a user to deploy/install/patch PUM agent packages, they would need the following roles:
distrib Module:distrib
distrib Module:regclnt
distrib Module:strfwd
distrib Module:rexec
distrib Patch:spf
Additional Information
All available Modules, Consoles and Patches:
Module:admin
Module:auth
Module:cmdctrl
Module:distrib
Module:msgagnt
Module:pkgman
Module:regclnt
Module:registry
Module:rexec
Module:secaudit
Module:strfwd
Module:sysinfo
Module:syslogemit
Console:help
Console:secaudit
Console:audit
Console:cmdctrl
Console:access
Console:pkgman
Console:servers
Console:report_command
Patch:spf
Module:admin
Module:auth
Module:cmdctrl
Module:distrib
Module:msgagnt
Module:pkgman
Module:regclnt
Module:registry
Module:rexec
Module:secaudit
Module:strfwd
Module:sysinfo
Module:syslogemit
Console:help
Console:secaudit
Console:audit
Console:cmdctrl
Console:access
Console:pkgman
Console:servers
Console:report_command
Patch:spf