J.1 Division of roles when operating JP1/Base
To change the environment settings of JP1/Base or execute certain commands, users need to have the right permissions for the OS and products related to JP1/Base. This means that JP1/Base administrators cannot perform every task traditionally performed by the JP1/Base system administrator. The division of roles is as follows:
- JP1/Base system administrator
-
-
Working with the operating system
-
Setting up the JP1/Base environment
-
Troubleshooting JP1/Base
-
- JP1/Base administrator
-
-
Tasks related to JP1/Base operation that are not the responsibility of the JP1/Base system administrator
-
The following figure shows how JP1/Base is used when the settings that allow JP1/Base administrators to perform operations are enabled.
|
|
![[Figure]](GRAPHICS/ZU990900.GIF)
The following tables describe the roles of the JP1/Base system administrator and JP1/Base administrators in detail.
|
No. |
Function |
|
|---|---|---|
|
1 |
OS operations |
Network-related settings such as hosts information |
|
2 |
Allocating shared directories and assigning the appropriate update permissions to JP1/Base administrators (when using JP1/Base on a logical host) |
|
|
3 |
Registering JP1/Base with cluster software (when using JP1/Base in a cluster environment) |
|
|
4 |
Settings that allow JP1/Base administrators to perform operations |
Creating the JP1 administrators group |
|
5 |
Assigning OS users to the JP1 administrators group |
|
|
6 |
Setting up the JP1/Base environment |
Installing JP1/Base |
|
7 |
Uninstalling JP1/Base |
|
|
8 |
Migrating command execution log files (jcocmdconv command) |
|
|
9 |
Enabling the JP1/Base administrator role (jbssetadmingrp command) |
|
|
10 |
Executing commands managed by HNTRLib that are intended for root users |
|
|
11 |
Deleting resources used by ISAM (Jisrsdel command) |
|
|
12 |
Increasing or decreasing the number of entries in lock tables (Jislckext command) |
|
|
13 |
Troubleshooting JP1/Base |
Forcibly shutting down all logical hosts (jbs_killall.cluster command) |
|
14 |
Collecting resources (jbs_log.sh command)# |
|
#: The jbs_log.sh command for collecting data can also be executed by a JP1/Base administrator. However, the data collection tool does not have sufficient rights to collect the following information when executed by a user with JP1/Base administrator privileges:
-
syslog
/var/log/messages (in Linux)
-
Kernel parameter information
/etc/security/limits (in AIX)
-
System diagnostics
Execution result of /usr/bin/alog -o -t boot (in AIX)
When the data collection tool fails to collect data, the following message is output to the console:
Can not get resource-for-which-collection-failed.
|
No. |
Function |
||
|---|---|---|---|
|
1 |
Operating JP1/Base |
Starting and stopping JP1/Base |
|
|
2 |
User management |
User authentication |
|
|
3 |
User mapping |
||
|
4 |
Event service |
||
|
5 |
Event conversion |
Log file traps |
|
|
6 |
Collecting and distributing definitions |
Managing definition information using IM configuration management and managing the operating status of services |
|
|
7 |
Collecting and distributing definitions for the event service |
||
|
8 |
Collecting definition information for JP1 products |
||
|
9 |
Process management |
||
|
11 |
Health check function |
||
|
11 |
Local actions |
||
|
12 |
Adding primary and secondary logical hosts |
||
|
13 |
|
||
JP1/Base administrators cannot use the following features of JP1/Base. These remain the responsibility of the JP1/Base system administrator.
-
Mapping users to the superuser
If a JP1/Base administrator adds a mapping definition that maps to the superuser (the root OS user), an error occurs accompanied by an error message.
-
Automatic startup
Automatic startup is not supported for JP1/Base administrators.