Role Based Policy Settings

The following settings must be configured when Role Based Policy and change management are implemented.

policydb

  • Version 8.5 and earlier: policydb setting not available.
  • Version 9.0 and later: policydb setting available.

The policydb setting specifies the path to the Role Based Policy database. If the value is not an absolute path (does not start with “/”), the database file is created in the location provided by the databasedir setting.

Default

/opt/<prefix>pbul<suffix>/dbs/pbrbpolicy.db

Used On

Policy server hosts

rolebasedpolicy

  • Version 8.5 and earlier: rolebasedpolicy setting not available.
  • Version 9.0 and later: rolebasedpolicy setting available.

Enable or disable Role Based Policy checking. The default is no.

rolebasedpolicy    yes

Default

rolebasedpolicy    no

Used On

Policy server hosts

rbptransactions

  • Version 8.5 and earlier: rbptransactions setting not available.
  • Version 9.0 and later: rbptransactions setting available.

Enable the use of Role Based Policy Transactions to ensure integrity.

rbptransactions    yes

Default

rbptransactions    no

Used On

Policy server hosts

changemanagementevents

  • Version 8.5 and earlier: changemanagementevents setting not available.
  • Version 9.0 and later: changemanagementevents setting available.

Enable or disable the logging of Change Management Events when maintaining databases.

A logserver must be installed before enabling the changemanagementevents keyword.

changemanagementevents    yes

Default

changemanagementevents    no

The following settings are also used in Role Based Policy.

  • eventdb <path>

    The path to the Change Management Event Database. The default is /opt/pbul/dbs/pbevent.db.

  • pbresturi <string>

    The partial REST URL string between the hostname and /REST. There is no default for this setting.

  • pbrestport <port#>

    The REST port. Default value is the base port + 6.

  • eventdestinations <taxonomy>=<remote>,<db>,<authevt>,<syslog>,</path/to/file>,<|/path/to/executable> <taxonomy>=…..

    Events can be sent to a remote host (primary logserver), event database, syslog, a flat file on the file system, or a binary or script for consumption. Multiple destinations can be specified for each taxonomy, separated by commas. The default destination is authevt=db.

  • eventformats <taxonomy>=<csv|json> <taxonomy>=….

    Specify the format of events to log (except database records, which are always JSON). The default format is JSON.

  • pbresttimeskew <num>

    The maximum time difference, in seconds, allowed between hosts (we recommend using a time synchronization service). The default is 60 seconds.
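
A settings review along the lines described above, as an added example (not vendor code): it parses settings text, resolves policydb against databasedir, and checks the eventdestinations and eventformats syntax. Assumptions: the settings text uses "keyword value" lines with "#" comments, the bracketed destination names (remote, db, authevt, syslog) are literal keywords, "<databasedir>" stands in when databasedir is unset, and the sample text and function names are constructed for illustration.

```python
import posixpath
# Defaults stated on the page.
DEFAULTS = {"rolebasedpolicy": "no", "rbptransactions": "no",
            "changemanagementevents": "no", "eventdestinations": "authevt=db"}
# Assumption: the bracketed destination names are literal keywords.
KEYWORD_DESTS = {"remote", "db", "authevt", "syslog"}
# Constructed sample settings text, not taken from a real host.
SAMPLE = ("databasedir /var/lib/example-pb\npolicydb rbp/pbrbpolicy.db\n"
          "rolebasedpolicy yes\nchangemanagementevents yes\n"
          "eventdestinations authevt=db,syslog,logs/events.txt\n"
          "eventformats authevt=xml\n")

def parse_settings(text):
    """Parse 'keyword value' lines; treating '#' as a comment is an assumption."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def resolve_policydb(settings):
    """A policydb value that does not start with '/' lives under databasedir."""
    path = settings.get("policydb")
    if path is None or path.startswith("/"):
        return path
    return posixpath.join(settings.get("databasedir", "<databasedir>"), path)

def parse_destinations(value):
    """Split '<taxonomy>=<dest>,<dest> ...' into a dict plus rejected items."""
    parsed, rejected = {}, []
    for entry in value.split():
        taxonomy, sep, dests = entry.partition("=")
        for dest in dests.split(","):
            if sep and (dest in KEYWORD_DESTS or dest.startswith(("/", "|/"))):
                parsed.setdefault(taxonomy, []).append(dest)
            else:
                rejected.append(f"{taxonomy}={dest}")
    return parsed, rejected

def audit(text):
    s, findings = parse_settings(text), []
    if s["rolebasedpolicy"] == "yes" and s["rbptransactions"] != "yes":
        findings.append("rbptransactions is off while rolebasedpolicy is on")
    if s["changemanagementevents"] != "yes":
        findings.append("changemanagementevents is off")
    for item in parse_destinations(s["eventdestinations"])[1]:
        findings.append(f"bad eventdestinations item: {item}")
    for entry in s.get("eventformats", "").split():
        if entry.partition("=")[2] not in ("csv", "json"):
            findings.append(f"bad eventformats item: {entry}")
    return findings
```

Calling audit(SAMPLE) reports the disabled rbptransactions, the relative file destination, and the unsupported xml format.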