Role Based Policy Settings

The following settings must be set when Role Based Policy and change management are implemented.

policydb

  • Version 8.5 and earlier: policydb setting not available.
  • Version 9.0 and later: policydb setting available.

The policydb setting specifies the path to the Role Based Policy database. If the value is not an absolute path (does not start with “/”), the database file is created in the location provided by the databasedir setting.

/opt/<prefix>pbul<suffix>/dbs/pbrbpolicy.db

Policy server hosts

rolebasedpolicy

  • Version 8.5 and earlier: rolebasedpolicy setting not available.
  • Version 9.0 and later: rolebasedpolicy setting available.

Enable or disable Role Based Policy checking. The default is no.

rolebasedpolicy	yes
rolebasedpolicy	no

Policy server hosts

rbptransactions

  • Version 8.5 and earlier: rbptransactions setting not available.
  • Version 9.0 and later: rbptransactions setting available.

Enable the use of Role Based Policy Transactions to ensure integrity.

rbptransactions	yes
rbptransactions	no

Policy server hosts

changemanagementevents

  • Version 8.5 and earlier: changemanagementevents setting not available.
  • Version 9.0 and later: changemanagementevents setting available.

Enable or disable the logging of Change Management Events when maintaining databases.

A logserver must be installed before enabling the changemanagementevents keyword.

changemanagementevents	yes
changemanagementevents	no

The following settings are also used in Role Based Policy.

  • eventdb <path>

    The path to the Change Management Event Database. The default is /opt/pbul/dbs/pbevent.db.

  • pbresturi <string>

    The partial REST URL string between the hostname and /REST. There is no default for this setting.

  • pbrestport <port#>

    The REST port. Default value is the base port + 6.

  • eventdestinations <taxonomy>=<remote>,<db>,<authevt>,<syslog>,</path/to/file>,<|/path/to/executable> <taxonomy>=…..

    Events can be sent to a remote host (primary logserver), event database, syslog, a flat file on the file system, or a binary or script for consumption. Multiple destinations can be specified for each taxonomy, separated by commas. The default destination is authevt=db.

  • eventformats <taxonomy>=<csv|json> <taxonomy>=….

    Specify the format of events to log (except database records which are always JSON). The default format is JSON.

  • pbresttimeskew <num>

    The maximum time, in seconds, by which host clocks may be mismatched (we recommend that the customer use a time synchronization service). The default is 60 seconds.
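
The following audit script is an added example, not part of the product or its documentation. It reads settings text in the keyword/value layout shown above, resolves a relative policydb against databasedir, and reports Role Based Policy settings that are off or unset. The sample input is constructed; treating lines that start with "#" as comments and using the 60-second default as the time-skew threshold are assumptions.

```python
import posixpath

# Constructed sample in the "keyword<whitespace>value" layout shown above.
SAMPLE = (
    "# constructed sample, not taken from a real host\n"
    "databasedir\t/opt/pbul/dbs\n"
    "rolebasedpolicy\tyes\n"
    "policydb\tpbrbpolicy.db\n"
    "rbptransactions\tno\n"
    "pbresttimeskew\t300\n"
)

def parse_settings(text):
    """Return {keyword: value}. Skipping '#' lines is an assumption."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def resolve_policydb(settings):
    """A policydb value not starting with '/' is placed under databasedir."""
    path = settings.get("policydb")
    if not path:
        return None
    if path.startswith("/"):
        return path
    base = settings.get("databasedir")
    return posixpath.join(base, path) if base else None

def audit(settings):
    """List findings for the Role Based Policy settings on this page."""
    if settings.get("rolebasedpolicy", "no") != "yes":  # page default: no
        return ["rolebasedpolicy is not enabled"]
    findings = []
    if "policydb" in settings and resolve_policydb(settings) is None:
        findings.append("policydb cannot be resolved to an absolute path")
    for key in ("rbptransactions", "changemanagementevents"):
        if settings.get(key) != "yes":
            findings.append(key + " is not explicitly set to yes")
    skew = settings.get("pbresttimeskew", "60")  # page default: 60 seconds
    if not skew.isdigit() or int(skew) > 60:  # threshold is an assumption
        findings.append("pbresttimeskew is invalid or above the 60s default")
    return findings

if __name__ == "__main__":
    cfg = parse_settings(SAMPLE)
    print("policydb ->", resolve_policydb(cfg))
    print("\n".join(audit(cfg)))
```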