BBSA权限控制介绍

 BBSA权限控制结构及各模块工作原理

 

 

2. 权限控制各模块介绍

ACL Policy – A group of Authorizations that is directly tied to one or more objects. Updating the Policy automatically updates the permissions on each object the Policy is tied to. ACL Templates – A group of Authorizations that can be applied to one or more objects, but in a non-persistent manner. Updating the ACL Template does not affect any objects that ACL Template may have been applied to previously. ACL Templates can also be used to define default permissions to objects created by Users within a Role. Authorization Profiles – A group of Authorizations Authorizations Commands – Network Shell (NSH) commands that can be used to limit Users within a Role to specific NSH commands. System Authorizations – Represents a specific action within the Server Automation Console, such as the ability to read, modify, or update a specific type of object. Automation Principals – Used for defining a user credential that that can then be used for accessing external systems. For example, you can create an Automation Principal to leverage Domain Accounts for privilege mapping on Windows servers. LDAP Synchronization – Used to synchronize the RBAC User list with an LDAP-based user registry. Roles-- A grouping of Authorizations and Users. Defines the maximum amount of permissions that Users within that Role can perform. (The Authorizations defined on each object in BladeLogic determines whether or not an action is actually allowed.) Users – Typically represent an actual person logging into BladeLogic, and can be associated with one or more Roles.