Quorum Settings

In this section the term SOClosedSecurity officer - UKC partition administrator role. indicates a user with an SOClosedSecurity officer - UKC partition administrator role. role or a user that is a member of a user group that grants SOClosedSecurity officer - UKC partition administrator role. privileges to its members.

Quorum Size

Quorum size specifies the minimum number of users with the SOClosedSecurity officer - UKC partition administrator role. privileges that make a quorum.

Changing the Quorum size from the default 1 to any other value enables the partition's quorum approval feature. Changing it back to 1 disables the feature.

Notes:

  1. A partition quorum size can't exceed the current number of the partition SOs. Before increasing this setting, create an adequate number of partition SOs.
  2. The same rule applies in the opposite direction - the system does not allow deleting an SOClosedSecurity officer - UKC partition administrator role. if such action puts the number of SOs below the current quorum size.

  3. The required quorum size is attached to command when the request for approval is issued.Subsequent changes to the quorum size do not impact this number.
  4. Do not delete SOs while operations are pending approval. Such action might lock the operation due to not a sufficient number of SOs, and require the Root SOClosedSecurity officer - UKC partition administrator role. to readjust the size of the quorum.

  5. Inheritance and Quorum are two mutually exclusive properties. You can't enable Quorum if the Inheritance is already enabled.

Quorum Request Expiration

Quorum expiration specifies the number of days that the quorum approval request remains effective.

The quorum expiration time is attached to each operation during the original request. Subsequent changes to the quorum expiration setting do not impact already pending requests.

Commands Protected by Quorum

Important
Commands that require quorum approval must be originated by the quorum members (SOs).
A user without SOClosedSecurity officer - UKC partition administrator role. privileges shall be blocked when attempting to perform such command.

Commands Protected by Default

Once the quorum is enabled, the following commands automatically require its approval.

SOClosedSecurity officer - UKC partition administrator role. management Operations
add / delete SOClosedSecurity officer - UKC partition administrator role.
reset SOClosedSecurity officer - UKC partition administrator role. password
 
Quorum configuration modification
Change commands that require quorum approval
Change quorum size, including reducing it size to one SOClosedSecurity officer - UKC partition administrator role. (disabling the quorum)
 
User Group management
Creating / deleting user groups
Changing roles and permissions in a user group
Adding / deleting members to / from user group

Commands Eligible for Approval

The following operations may be enabled in the partition configuration settings to be approved by quorum of the partition's SOs:

  • Partition Configuration:
    • Modify configuration- change the partition settings.
  • Key and certificate management (excluding public keys):
    • Delete key or certificate
    • Import key or certificate
    • Export key or certificate
    • Rekey
    • Enable / Disable a key
    • Join split keys
    • Link an external key
    • Relink an external key
    • Unlink an external key
  • Secret management:
    • Create a secret
    • Update the secret's content
    • Delete secret
  • Client management:
    • Create a client
    • Update client
    • Delete client
    • Refresh the client's activation code
  • User and Role management:
    • Create a user
    • Delete user
    • Create a role
    • Update role
    • Delete role
  • External Keystore management
    • Create a keystore
    • Update keystore
    • Delete keystore

In the root partition, you can also add the following commands:

  • Cluster management :
    • Add / Delete a server pair or triplet
    • Add/ Delete an auxiliary server