<div dir="ltr"><div>Good day!</div><div>I use the configuration shown below to create an ACL. How can I restrict access to the "pcs cluster stop" command for a user?<br></div><div><br></div><div><br></div><div>useradd rouser -m -G haclient<br>useradd rwuser -m -G haclient<br>passwd rwuser<br>passwd rouser<br>pcs acl enable<br>pcs acl role create read-only description="Read access to cluster" read xpath /cib<br>pcs acl role create write-access description="Full access" write xpath /cib<br>pcs acl permission add write_config write xpath /cib/configuration<br>pcs acl permission add write_config write xpath //crm_config//nvpair[@name='maintenance-mode']<br>pcs acl permission add write_config write xpath //nvpair[@name='maintenance']<br>pcs acl permission add write_config write xpath //resources<br>pcs acl permission add write_config write xpath //constraints<br>pcs acl user create rouser read-only<br>pcs acl user create rwuser write-access<br>pcs acl role assign read-only to rouser<br>pcs acl role assign write_config to rwuser<br><br>User: rouser<br>  Roles: read-only<br>User: rwuser<br>  Roles: write-access write_config<br>Role: read-only<br>  Description: Read access to cluster<br>  Permission: read xpath /cib (read-only-read)<br>Role: write-access<br>  Description: Full access<br>  Permission: write xpath /cib (write-access-write)<br>Role: write_config<br>  Permission: write xpath /cib/configuration (write_config-write)<br>  Permission: write xpath //crm_config//nvpair[@name=maintenance-mode] (write_config-write-1)<br>  Permission: write xpath //nvpair[@name=maintenance] (write_config-write-2)<br>  Permission: write xpath //resources (write_config-write-3)<br>  Permission: write xpath //constraints (write_config-write-4)<br><br>su rouser<br>Username: rouser<br></div><div>Password:<br>localhost: Authorized<br>pcs cluster stop<br>Stopping Cluster (pacemaker)...<br>Stopping Cluster (corosync)...<br><br></div></div>