Role Based Policy Settings
The following settings must be configured when Role Based Policy and change management are implemented.
policydb
- Version 8.5 and earlier: policydb setting not available.
- Version 9.0 and later: policydb setting available.
The policydb setting specifies the path to the Role Based Policy database. If the value is not an absolute path (does not start with “/”), the database file is created in the location provided by the databasedir setting.
Default
/opt/<prefix>pbul<suffix>/dbs/pbrbpolicy.db
Used On
Policy server hosts
rolebasedpolicy
- Version 8.5 and earlier: rolebasedpolicy setting not available.
- Version 9.0 and later: rolebasedpolicy setting available.
Enable or disable Role Based Policy checking. The default is no.
rolebasedpolicy yes
Default
rolebasedpolicy no
Used On
Policy server hosts
rbptransactions
- Version 8.5 and earlier: rbptransactions setting not available.
- Version 9.0 and later: rbptransactions setting available.
Enable the use of Role Based Policy Transactions to ensure integrity.
rbptransactions yes
Default
rbptransactions no
Used On
Policy server hosts
changemanagementevents
- Version 8.5 and earlier: changemanagementevents setting not available.
- Version 9.0 and later: changemanagementevents setting available.
Enable/Disable the logging of Change Management Events when maintaining databases.
A logserver must be installed before enabling the changemanagementevents keyword.
changemanagementevents yes
Default
changemanagementevents no
The following settings are also used in Role Based Policy.
- eventdb <path>
The path to the Change Management Event Database. The default is /opt/pbul/dbs/pbevent.db.
- pbresturi <string>
The partial REST URL string between the hostname and /REST. There is no default for this setting.
- pbrestport <port#>
The REST port. Default value is the base port + 6.
- eventdestinations <taxonomy>=<remote>,<db>,<authevt>,<syslog>,</path/to/file>,<|/path/to/executable> <taxonomy>=…..
Events can be sent to a remote host (primary logserver), event database, syslog, a flat file on the file system, or a binary or script for consumption. Multiple destinations can be specified for each taxonomy, separated by commas. The default destination is authevt=db.
- eventformats <taxonomy>=<csv|json> <taxonomy>=….
Specify the format of events to log (except database records, which are always JSON). The default format is JSON.
- pbresttimeskew <num>
The maximum time, in seconds, by which the clocks of hosts may be mismatched (we recommend that the customer use a time synchronization service). The default is 60 seconds.
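The following audit script is an added example, not part of the product or its documentation. It applies the defaults listed on this page to a policy server settings file, resolves a relative policydb path, and reports which Role Based Policy safeguards are left off. The function names, the sample text, the "#" comment handling, and the fallback databasedir value are assumptions.

```python
import posixpath

# Defaults documented on this page (policydb shown with empty <prefix>/<suffix>).
DEFAULTS = {"policydb": "/opt/pbul/dbs/pbrbpolicy.db", "rolebasedpolicy": "no",
            "rbptransactions": "no", "changemanagementevents": "no",
            "pbresttimeskew": "60"}

# Constructed sample settings text, not taken from a real host.
SAMPLE = """\
# policy server settings (constructed)
databasedir /var/pb/dbs
policydb rbp.db
rolebasedpolicy yes
rbptransactions no
pbresttimeskew 300
"""

def parse_settings(text):
    """Parse 'keyword value' lines; '#' comments and blank lines are skipped (assumed)."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        cfg[parts[0]] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return cfg

def audit(text, databasedir="/opt/pbul/dbs"):
    """Return (resolved policydb path, findings). The databasedir fallback is an assumption."""
    cfg = {**DEFAULTS, **parse_settings(text)}
    db = cfg["policydb"]
    if not db.startswith("/"):  # relative path: file is created under databasedir
        db = posixpath.join(cfg.get("databasedir", databasedir), db)
    findings = []
    if cfg["rolebasedpolicy"] != "yes":
        findings.append("rolebasedpolicy is not 'yes': Role Based Policy checking is disabled")
    else:
        if cfg["rbptransactions"] != "yes":
            findings.append("rbptransactions is not 'yes': transactions are not used")
        if cfg["changemanagementevents"] != "yes":
            findings.append("changemanagementevents is not 'yes': changes are not logged")
    skew = cfg["pbresttimeskew"]
    if not skew.isdigit() or int(skew) > 60:
        findings.append(f"pbresttimeskew {skew!r} is invalid or above the documented default of 60")
    return db, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
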