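11.9.5. About Role Permissions
The permissions a role has define what it can do. Not every role has every permission. Notably, SuperUser has all permissions, while Monitor has the fewest.
Each permission can grant read and write access to one category of resources.
The categories are: runtime state, server configuration, sensitive data, the audit log, and the access control system.
Table 11.5, "Role Permissions Matrix", summarizes the permissions of each role.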
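Table 11.5. Role Permissions Matrix

| | Monitor | Operator | Maintainer | Deployer | Auditor | Administrator | SuperUser |
|---|---|---|---|---|---|---|---|
| Read Config and State | X | X | X | X | X | X | X |
| Read Sensitive Data [2] | | | | | X | X | X |
| Modify Sensitive Data [2] | | | | | | X | X |
| Read/Modify Audit Logs | | | | | X | | X |
| Modify Runtime State | | X | X | X[1] | | X | X |
| Modify Persistent Config | | | X | X[1] | | X | X |
| Read/Modify Access Control | | | | | | X | X |
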
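[1] Permissions are restricted to application resources.
[2] Which resources are considered "sensitive data" is configured using sensitivity constraints.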
