Restricting users to install specific Privileged User Manager modules

  • 7006909
  • 24-Sep-2010
  • 26-Apr-2012

Environment

Novell Privileged User Manager 2.2.1

Situation

Restrict Users from deploying/installing/patching specific patches, modules, or consoles.

Privileged User Manager contains three package types:
Patch (Framework Patch)
Module (any module patch/install)
Console (any GUI console patch/install)

Resolution

Beginning with Privileged User Manager 2.2.1-2, the ability to define user ACLs was introduced, which enables administrators to restrict users to installing/patching/deploying only specific patches, modules or consoles.

This is accomplished by assigning the distrib.acl role.

Home | Framework User Manager | Select desired group and Modify Group | Select Roles |  Add

Manually type in the desired roles.

Module          Role
distrib            acl

When a group is assigned the distrib.acl role, any attempt to install modules, patches or consoles requires the group to also have the relevant distrib.Module:, distrib.Patch:, or distrib.Console: role, with the package name of the module, patch or console appended.

For example, to restrict a user to deploying/installing/patching only PUM agent packages, they would need the following roles:

distrib            Module:distrib
distrib            Module:regclnt
distrib            Module:strfwd
distrib            Module:rexec
distrib            Patch:spf
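
Because the roles are typed in by hand, a misspelled package name leaves the group without the role it needs. The following added example (not Novell's code) models the rule above to check a planned role list before it is entered. It assumes role strings are compared exactly as typed, that a group without distrib.acl is not subject to this check, and that any other distrib role is flagged for review; `validate_roles` and `may_install` are hypothetical names.

```python
# Added illustration of the distrib.acl rule; helper names are hypothetical.
# Package names are copied from the list under "Additional Information".
CATALOG = {
    "Module": {"admin", "auth", "cmdctrl", "distrib", "msgagnt", "pkgman", "regclnt",
               "registry", "rexec", "secaudit", "strfwd", "sysinfo", "syslogemit"},
    "Console": {"help", "secaudit", "audit", "cmdctrl", "access", "pkgman",
                "servers", "report_command"},
    "Patch": {"spf"},
}

def validate_roles(roles):
    """Return a list of problems found in manually typed (module, role) pairs."""
    problems = []
    for module, role in roles:
        if module != "distrib" or role == "acl":
            continue  # only distrib package roles are checked here
        kind, sep, name = role.partition(":")
        if not sep or kind not in CATALOG:
            problems.append(f"{module}.{role}: expected Module:, Patch: or Console: plus a name")
        elif name not in CATALOG[kind]:
            problems.append(f"{module}.{role}: unknown {kind.lower()} name")
    if ("distrib", "acl") not in roles:
        problems.append("distrib.acl missing: package roles do not restrict this group")
    return problems

def may_install(roles, kind, name):
    """With distrib.acl assigned, the matching distrib.<kind>:<name> role is required."""
    held = set(roles)
    if ("distrib", "acl") not in held:
        return True  # assumption: the ACL check applies only when distrib.acl is assigned
    return ("distrib", f"{kind}:{name}") in held

# distrib.acl plus the five roles from the article's PUM agent example.
AGENT_ROLES = [
    ("distrib", "acl"), ("distrib", "Module:distrib"), ("distrib", "Module:regclnt"),
    ("distrib", "Module:strfwd"), ("distrib", "Module:rexec"), ("distrib", "Patch:spf"),
]

if __name__ == "__main__":
    typo = AGENT_ROLES + [("distrib", "Module:regclient")]  # constructed typo
    print(validate_roles(typo))
    print(may_install(AGENT_ROLES, "Module", "rexec"))
    print(may_install(AGENT_ROLES, "Console", "cmdctrl"))
```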

Additional Information

All available Modules, Consoles and Patches:

Module:admin
Module:auth
Module:cmdctrl
Module:distrib
Module:msgagnt
Module:pkgman
Module:regclnt
Module:registry
Module:rexec
Module:secaudit
Module:strfwd
Module:sysinfo
Module:syslogemit

Console:help
Console:secaudit
Console:audit
Console:cmdctrl
Console:access
Console:pkgman
Console:servers
Console:report_command

Patch:spf