[Pacemaker] Multi-level ACLs for the CIB

Andrew Beekhof andrew at beekhof.net
Wed Feb 3 09:43:23 EST 2010

On Tue, Feb 2, 2010 at 6:14 AM, Yan Gao <ygao at novell.com> wrote:


> A configuration example:
> ..
> <acls>
>  <role id="operator">
>    <write id="operator-write-0" tag="nodes"/>
>    <write id="operator-write-1" tag="status"/>
>  </role>
>  <role id="monitor">
>    <read id="monitor-read-0" tag="nodes"/>
>    <read id="monitor-read-1" tag="status"/>
>  </role>


Quick question, have you tried using crm_mon with a configuration like this?
I'm pretty sure you'll get nothing sensible as it can't find the resources.

Might want to think about how to deal with that...

More information about the Pacemaker mailing list