Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
Chef Cookbook management permissions
This section specifies the Chef Cookbook Management permissions required by users to perform specific actions in the SA Client. For security administrators, the table answers this question: To perform a particular action, what permissions does a user need?
In addition to the action permissions listed, every user action also requires the Managed Servers and Groups permission.
Permissions for running a Chef Recipe from a Cookbook with no dependencies
The following permissions are required in order to run a Chef Recipe from a cookbook with no dependencies:
-
These Action Permissions control the Chef tasks you can perform.
Permission
Setting
Task Enabled
Run Chef Recipes
Yes the ability to start or schedule a specific Run Chef Recipe job.
Manage Package
Read (or stronger) the ability to use Cookbooks (which is a type of SA package) in Run Chef Recipe jobs.
The user running the Run Chef Recipe job must belong to a user group with the Run Chef Recipes and Manage package permissions.
- Folder Permissions control the access to the SA Library folder where the cookbook resides.
The user running the Run Chef Recipe job must belong to a user group with Read permission on the folder where the cookbook resides. - Resource Permissions control the access of the current user to the managed servers in SA.
The user running the Run Chef Recipe job must belong to a user group with Read&Write permission on the server’s facility, customer, and at least one of it’s Device Groups.
For more information about setting resource permissions, see "About Resource Permissions" in the SA 10.50 Administration Guide. - Customer Constraints on Folders determine which servers can be the target of a Run Chef Recipe job. As each server is assigned to a Customer, the customer constraints of the cookbook folder must include the Customer of the target server.
Alternatively, you can ignore folder customer permissions entirely by assigning the Customer Independent customer to the cookbook folders.
For more information about setting folder permissions, see "About Resource Permissions" in the SA 10.50 Administration Guide.
Permission management for Cookbooks with dependencies
The dependencies of a cookbook must satisfy the same permission requirements as the main cookbook: Read folder permissions and the proper folder customer constraints. If multiple versions of the dependent cookbooks exist, SA will use the newest version of the dependent cookbooks for which the entire dependency graph satisfies all required permissions.
Example: In the following setup, when the user tries to run a recipe from cookbook A, SA will resolve its dependency on cookbook B to version 1.7.4.
Illustration of Permissions for Running Chef Recipes
More in-depth, version 1.8 of cookbook B cannot be used because folder2 is not associated to customer1 (the customer of the targeted server). Version 1.7.5 of cookbook B can’t be used because the user doesn’t have any permissions on folder3. Versions 1.7.4 and 1.7.3 are both accessible and SA will choose the higher version, therefore 1.7.4.
Multi-tenancy
Customer constraints on folders provide the mechanism to support multi-tenancy, which allows you to apply different content to different customers.
In the example below, applying cookbook A to a group of two managed servers (cbt2 and m529) will result in applying version 1.0 of cookbook B to server m529 and version 2.0 of cookbook B to server cbt2.
Illustration of Multi-tenancy for Chef Recipes
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: