Open topic with navigation
A comma-separated list of Kerberos GSS principals that have authorization for the functions included in this role. You can include Wildcard values in the GSS principal names.
The Kerberos principal name consists of:
myserver.example.com. This value is optional, and users do not usually have an instance.
To use GSS principals for permissions, you must set up Kerberos/GSS in your system (for example, you must set CommsEncryptionType to
You define the permissions that a particular role has by using StandardRoles, or by specifying the Actions and ServiceActions that you want the role to be able to use. You define the users that belong to a particular role by using Clients, GSSPrincipals, and SSLIdentities. If a connection matches one of the allowed clients, principals, or SSL identities, they have permission to perform the operations allowed by the role.