
Chapter 13. Access Control Lists (ACLs)

Table of Contents

13.1. ACL Prerequisites
13.2. ACL Configuration
13.3. ACL Roles
13.4. ACL Targets and Groups
13.5. ACL Examples

By default, the root user or any user in the haclient group can modify Pacemaker’s CIB without restriction. Pacemaker offers access control lists (ACLs) to provide more fine-grained authorization.

13.1. ACL Prerequisites

In order to use ACLs:
  • The Pacemaker software must have been compiled with ACL support. If the output of the command pacemakerd --features contains acls, your installation supports ACLs.
  • Desired users must have user accounts in the haclient group on all nodes in the cluster.
  • If your CIB was created before Pacemaker 1.1.12, it may need to be updated to the current schema using cibadmin --upgrade in order to use the syntax documented here.
  • The enable-acl cluster option must be set to true.
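
The following script is an added example, not part of the Pacemaker documentation or code base. It checks three of the prerequisites above on the node where it runs: the acls feature, haclient membership for the users named on the command line, and the enable-acl option. The function names, the script name and the sample output are constructed for illustration; reading the option with crm_attribute is an assumption about how the cluster is administered.

```shell
#!/bin/sh
# Added example (not from the Pacemaker project): per-node ACL prerequisite check.
# Usage (hypothetical file name): sh acl-prereq.sh alice bob

# Constructed sample of `pacemakerd --features` output, for offline testing.
SAMPLE_FEATURES='Pacemaker 1.1.18 (Build: constructed)
 Supporting v3.0.14:  ncurses libqb-logging systemd corosync-native acls'

# True if the `pacemakerd --features` text in $1 lists the feature "acls".
features_have_acls() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | grep -qx 'acls'
}

# True if the group list in $1 (format of `id -Gn USER`) contains haclient.
groups_include_haclient() {
    case " $1 " in
        *" haclient "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check this node for the users given as arguments; returns 1 on any failure.
check_node() {
    rc=0
    if features_have_acls "$(pacemakerd --features 2>/dev/null)"; then
        echo "ok:   Pacemaker was built with ACL support"
    else
        echo "FAIL: 'acls' not in pacemakerd --features"; rc=1
    fi
    for u in "$@"; do
        if groups_include_haclient "$(id -Gn "$u" 2>/dev/null)"; then
            echo "ok:   $u is in haclient on $(uname -n)"
        else
            echo "FAIL: $u is missing or not in haclient on $(uname -n)"; rc=1
        fi
    done
    # --quiet prints only the value; empty output means the option is unset.
    val=$(crm_attribute --query --quiet --name enable-acl 2>/dev/null)
    if [ "$val" = "true" ]; then
        echo "ok:   enable-acl is true"
    else
        echo "FAIL: enable-acl is '${val:-unset}', expected true"; rc=1
    fi
    return "$rc"
}

# Run the live checks only where Pacemaker is installed.
if command -v pacemakerd >/dev/null 2>&1; then
    check_node "$@"
fi
```

Run it on every node in the cluster, since the haclient membership requirement applies to all nodes.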