Administration Guide

Getting started

This section discusses authorization for using SP Perspectives and how to start SP Perspectives.

Authorizing users for SP Perspectives

There is no special authorization directly associated with using the SP Perspectives applications, but keep in mind that each SP Perspectives application has an interface to SP information and functions. Before you can see particular information or perform certain tasks using SP Perspectives, you must be authorized to:

Access the particular information that you want Perspectives to display.
Use the AIX and SP commands and services that perform the actions you want to initiate using Perspectives.

SP Perspectives require that you have direct authorization for the particular objects and actions that have security restrictions before you can access them. Who can authorize users, which users are to be authorized to what, and how to authorize users all depend on the security policy implemented by your organization on your SP system. For more information, see Chapter 2, Security features of the SP system. |If you have the secure remote command process enabled, pay |particular attention to Secure remote command process.

Table 14 lists each Perspective and the authorization required to have the full function provided by that Perspective. See the SP Perspectives online help "Understanding SP Perspectives Security" for a complete list of authorizations required for the function of each Perspective.

Table 14. Authorization required for each Perspective

Access required	DCE	Compat
Event Perspective
SDR Write	User's DCE principal must be a member of the sdr-write and sdr-system-class-write or of the sdr-admin and sdr-system-class-admin DCE groups.	User must have root privilege.
Event Management	User's DCE principal must be a member of the haem-users DCE group.	None required.
Problem Management	User's DCE principal must be a member of the sysctl-pman DCE group.	User's Kerberos V4 principal must be configured in the /etc/sysctl.pman.acl file on the control workstation and nodes.
Hardware Perspective
SDR Write	User's DCE principal must be a member of the sdr-write and sdr-system-class-write or of the sdr-admin and sdr-system-class-admin DCE groups.	User must have root privilege.
Hardmon	User's DCE principal must be a member of the hm-monitor and hm-control DCE groups.	User's Kerberos V4 principal must be configured in the /spdata/sys1/spmon/hmacls file.
Event Management	User's DCE principal must be a member of the haem-users DCE group.	None required.
Efence, Estart	User's DCE principal must be a member of the sysctl-cwsroot DCE group.	One of the following: User must have root privilege. User's Kerberos V4 principal must be included in the /etc/sysctl.rootcmds.acl file.
cshutdown, cstartup	One of the following: User must have root privilege. User must be a member of the shutdown AIX group. User must be a member of the cshut AIX group and the user's DCE principal must be a member of the hm-control DCE group.	One of the following: User must have root privilege. User must be a member of the shutdown AIX group. User must be a member of the cshut AIX group and the user's Kerberos V4 principal must be configured in the /spdata/sys1/spmon/hmacls file.
System Partitioning Aid Perspective
	User must have root privilege on the control workstation to save a configuration file to the /spdata/sys1/syspar_configs file.	User must have root privilege on the control workstation to save a configuration file to the /spdata/sys1/syspar_configs file.
IBM Virtual Shared Disk Perspective
SDR Write	User's DCE principal must be a member of the sdr-write and sdr-system-class-write or of the sdr-admin and sdr-system-class-admin DCE groups.	User must have root privilege.
root privilege	There is some function in the IBM VSD Perspective that requires root privilege regardless of DCE.	There is some function in the IBM VSD Perspective that requires root privilege.
Hardmon	User's DCE principal must be a member of the hm-monitor and hm-control DCE groups.	User's Kerberos V4 principal must be configured in the /spdata/sys1/spmon/hmacls file.
Event Management	User's DCE principal must be a member of the haem-users DCE group.	None required.
VSD	User's DCE principal must be a member of the sysctl-vsd DCE group.	User's Kerberos V4 principal must be included in the /etc/sysctl.vsd.acl file.
Efence, Estart	User's DCE principal must be a member of the sysctl-cwsroot DCE group.	One of the following: User must have root privilege. User's Kerberos V4 principal must be included in the /etc/sysctl.rootcmds.acl file.
cshutdown, cstartup	One of the following: User must have root privilege. User must be a member of the shutdown AIX group. User must be a member of the cshut AIX group and the user's DCE principal must be a member of the hm-control DCE group.	One of the following: User must have root privilege. User must be a member of the shutdown AIX group. User must be a member of the cshut AIX group and the user's Kerberos V4 principal must be configured in the /spdata/sys1/spmon/hmacls file.

|Notes:

|Problem Management has limitations with authorization=none enabled. |See Authorizing event response actions.
|VSD will not work with restricted root access enabled.

Starting SP Perspectives

There are several ways of starting an SP Perspectives application. You can:

Use the SP Perspectives launch pad.
Start any of them directly.
Use the Common Desktop Environment (CDE).

Whichever way you choose, first do the following:

Export your display
If not already there, place /usr/lpp/ssp/bin in your PATH. Otherwise, you must prefix each command with /usr/lpp/ssp/bin/ when you type it.

To start SP Perspectives and use the launch pad running as a background process, do the following:

Run the command perspectives & to open the SP Perspectives launch pad window.
System management applications provided by SP Perspectives appear as icons in the launch pad window. For more information on the launch pad, see The launch pad.
To start an SP Perspectives application, use either of the following ways:
- Double-click on the icon for the application you want to run.
- Or do the following:
  1. Click on the icon for the application you want to run.
  2. Click Actions on the menu bar.
  3. Click on Launch.
Initially an hourglass icon appears, followed by the SP Perspectives splash screen, to let you know processing is occurring. Then, the application window (also referred to as the "Perspective") appears.

To start SP Perspectives applications directly, running as background processes without using the launch pad, enter any of the following at the command line:

sphardware &: The Hardware Perspective used to manage, control, and monitor hardware
spevent &: The Event Perspective used to set up and manage events
spvsd &: The IBM Virtual Shared Disk Perspective used to create, manage, and monitor virtual shared disks
spsyspar &: The System Partitioning Aid Perspective used to define system partitions

To start SP Perspectives applications using DCE, double-click on the SP Perspectives icon in the CDE Application Manager window.

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]