1.2.17 Cluster Level Privileges

Cluster level privileges are high-level privileges that control various actions performed by Exascale users.

Cluster level privileges are assigned by using the ESCLI mkuser or chuser commands.

There are four types of Exascale cluster level privileges, and any user may hold privileges across multiple privilege types. The following list describes the privilege types and the available privileges:

  • Cluster Level Storage Privileges are powerful privileges that are typically reserved for users that administer the Exascale cluster. A user can hold zero or one of the following cluster level storage privileges:

    • cl_monitor: Enables the receiving user to monitor the Exascale cluster by performing list operations using the Exascale command line interface (ESCLI).

    • cl_operator: Enables the receiving user to:

      • Monitor the Exascale cluster by performing list operations using ESCLI.

      • Manage pool disks (create, drop, online, offline).

      • Manage software services (list, startup, shutdown, restart, delete).

      • Manage the trust store.

    • cl_admin: A set of system administrator privileges that includes all the cl_monitor and cl_operator privileges, along with all of the privileges from the other privilege types; namely:

      • All of the cluster level vault privileges specified in vlt_manage.

      • All the cluster level user privileges: rest_vault_client, rest_volume_client, user_create, system_restore, and on_behalf_of.

      • All the service privileges: cellsrv, egs, ers, syseds, usreds, bsm, and bsw.

      This privilege also enables the receiving user to:

      • Grant any privilege to any user.

      • Reset a key for any user.

      • Create, modify, and delete storage pools.

      • View extent map information.

      • Create, modify, and delete Exascale volumes and related resources, including volume attachments, volume groups, volume backups, volume snapshots, and Exascale-managed ACFS file systems.

  • Cluster Level Vault Privileges are powerful data access privileges governing the actions that the receiving user is allowed to perform on all vaults and files. Typically, cluster level vault privileges are assigned to administration users that manage files in Exascale vaults.

    Cluster level vault privileges work in addition to access control lists (ACLs). To perform an action on a vault or file, a user requires the appropriate cluster level vault privilege or the appropriate ACL privilege. See Vault and File Access Control.

    A user can hold zero or one of the following cluster level vault privileges:

    • vlt_inspect: Enables the receiving user to create new vaults. The receiving user also gets complete control over files created in those vaults.

      This privilege is assigned to new users by default. However, wherever possible, you should consider removing this privilege and using specific ACL privileges instead.

    • vlt_read: Includes the vlt_inspect privileges and also enables the receiving user to list all existing vaults, display attributes for any vault, create files in any vault, list files in any vault, and display attributes for any file.

    • vlt_use: Includes the vlt_read privileges and also enables the receiving user to open any file for reading.

    • vlt_manage: Includes the vlt_use privileges and also enables the receiving user to open any file for read and write, alter any vault or file, and drop vaults and files.

  • Cluster Level User Privileges govern the actions that the receiving user is allowed to perform on the Exascale cluster. A user can hold zero or more of the following cluster level privileges:

    • rest_vault_client: Enables the receiving user to run ESCLI commands that operate on vaults, files (including file clones and snapshots), and other associated resources. These resources include templates, extended attributes, datasets, access control lists (ACLs), and resource profiles.

      This privilege enables primary access to ESCLI commands that send RESTful requests to Exascale control services (ERS) to operate on vault and file-related resources. However, specific operations or visibility into resources may require additional privileges. For example, while a user with this privilege can run the ESCLI ls command, other cluster level privileges and ACLs ultimately govern the specific vaults and files that are displayed.

      This privilege is first introduced in Oracle Exadata System Software release 25.2.3 (October 2025).

    • rest_volume_client: Enables the receiving user to run ESCLI commands that operate on Exascale volumes and related resources, including volume attachments, volume groups, volume backups, volume snapshots, and Exascale-managed ACFS file systems.

      This privilege enables primary access to ESCLI commands that send RESTful requests to Exascale control services (ERS) to operate on volume-related resources. However, specific operations or visibility into resources may require additional privileges. For example, while a user with this privilege can run the ESCLI lsvolume command, volume ownership and other cluster level privileges ultimately govern the specific volumes that are displayed.

      This privilege is first introduced in Oracle Exadata System Software release 25.2.3 (October 2025).

    • user_create: Enables the receiving user to create new users in the cluster.

      You may choose to assign this privilege to dedicated personnel performing user administration.

    • system_restore: Enables the receiving user to restore an Exascale system.

      Do not assign this privilege to any of your Exascale users. This privilege and the accompanying operation are internal and are not used under normal circumstances.

    • on_behalf_of: A special privilege that enables the receiving user to send a request to Exascale control services (ERS) on behalf of another user.

      Do not assign this privilege to any of your Exascale users. Typically, this privilege is only assigned to the internal administration accounts that reside on each Exascale node.

  • Service Privileges govern the Exascale software services that the receiving user is allowed to run. Typically, service privileges are only assigned to the internal node-specific administration accounts that reside on each Exascale node. A user can hold zero or more of the following service privileges:

    • cellsrv: Enables the receiving user to run the core Exadata cell services.

    • egs: Enables the receiving user to run Exascale cluster services (also known as Exascale Global Services).

    • ers: Enables the receiving user to run Exascale control services (also known as Exascale RESTful Services).

    • syseds: Enables the receiving user to run the system vault manager service.

    • usreds: Enables the receiving user to run the user vault manager service.

    • bsm: Enables the receiving user to run the block storage manager service.

    • bsw: Enables the receiving user to run the block storage worker service.

    • ms: Facilitates the transfer of telemetry information between Exascale RESTful Services (ERS) and the Exadata Management Server (MS).

Additionally, no_privilege is a special privilege that removes all privileges from the receiving user. When it is assigned to a user, no_privilege cannot be combined with any other privilege.

Related Topics

Parent topic: Exascale Components and Concepts