Summary
Question
How do you define the variables which are being used in KM01848417
Answer
Is it possible to configure what can be distributed to a list of managed nodes? See KM01848417 for more information
Yes, it is possible to assign authorization rights for each type of server, manager, action allow and secondary manager for configuraton and deploy.
Manager [sec.core.auth.mapping.manager]
ActionAllow [sec.core.auth.mapping.actionallow]
Secondary manager [sec.core.auth.mapping.secondary]
Authorization levels:
Install policy 0x1
Remove policy 0x2
Enable policy 0x4
Disable policy 0x8
List policy 0x10
Update header 0x20
Read config settings 0x40
Write config settings 0x80
Sign Policy 0x100
So, in binary, decide what functions you want for "conf" to do. Starting from the top down, specify 0 to disable functionality and 1 to enable. This then gives the following:
= 1 1 1 1 1 1 1 1 1 = 511 everything
= 0 0 1 1 1 0 0 0 0 = 112 enable policy/disable/list policy
= 0 0 1 0 1 0 0 0 0 = 80 enable policy/list policy
= 0 0 0 0 0 0 0 0 0 = 0 Nothing
You add the following configuration variables into the local configuration namespace:
# ovconfchg -ns sec.core.auth.mapping.manager -set conf 112
You can find more information in /opt/OV/misc/xpl/config/defaults/conf.ini