Administrator's Guide

Table 8-6 Example Planning Results

Typical Commands                      Authorizations (Note: Objects Assumed to Be *)  Roles            Users
/usr/sbin/useradd, /usr/sbin/usermod  hpux.user.*, hpux.security.*                    UserOperator     chandrika, rwang
/sbin/init.d/inetd                    hpux.network.*                                  NetworkOperator  bdurant, prajessh
/opt/customcmd                        hpux.*, company.customauth                      Administrator    luman

8.5.1 Configuring Roles
Configuring roles for users is a two-step process:
1. Create roles.
2. Assign roles to users or groups.
8.5.1.1 Creating Roles
Use the roleadm command to create roles and assign them to users or groups. You
must first add roles that do not already exist, and then assign users to those roles. The
following shows the roleadm command syntax:
roleadm add role [comments]
      | delete role
      | modify oldrolename newrolename
      | assign user role
      | assign "&group" role
      | revoke user [role]
      | revoke "&group" [role]
      | list [user=username][role=rolename][sys]
Following is a list and brief description of the roleadm command arguments:
add     Adds the role to the system list of roles in /etc/rbac/roles.
delete  Deletes the role from the system list of roles in /etc/rbac/roles.
modify  Changes role names in all three role-related database files:
        /etc/rbac/roles, /etc/rbac/user_role, and /etc/rbac/role_auth.
assign  Assigns a role to a user or group, and updates /etc/rbac/user_role.
revoke  Revokes a role from a user or group, and removes the entry from
        /etc/rbac/user_role.
list    Lists the valid system roles (sys), or the user-to-role mappings.
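
As an added example (not from the HP-UX guide), the script below turns the role and user columns of Table 8-6 into the two-step roleadm sequence described above, printing the commands for review unless APPLY=1 is set. The plan format, the run, valid_name and apply_plan helpers, and the allowed-character policy are assumptions of this example; the plan should list only roles that are not yet in /etc/rbac/roles.

```shell
# Plan constructed from Table 8-6: one "role:member[,member...]" per line.
# A member written as &name is a group, as in the roleadm syntax.
PLAN='UserOperator:chandrika,rwang
NetworkOperator:bdurant,prajessh
Administrator:luman'

# Dry run by default: print the command for review. APPLY=1 executes it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; return; fi
    line=
    for arg in "$@"; do
        case $arg in
            "&"*) line="$line \"$arg\"" ;;  # printed quoted: a bare & is a shell operator
            *)    line="$line $arg" ;;
        esac
    done
    echo "${line# }"
}

# Hypothetical naming policy for this example: letters, digits, "_", ".", "-".
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Validate the whole plan first, then add each role once (step 1) and
# assign its members (step 2), so a malformed entry changes nothing.
apply_plan() {
    adds= assigns=
    while IFS=: read -r role members; do
        valid_name "$role" || { echo "bad role: $role" >&2; return 1; }
        case " $adds " in *" $role "*) ;; *) adds="$adds $role" ;; esac
        rest=$members,
        while [ -n "$rest" ]; do
            m=${rest%%,*}; rest=${rest#*,}
            valid_name "${m#&}" || { echo "bad member: $m" >&2; return 1; }
            assigns="$assigns $m:$role"
        done
    done <<EOF
$1
EOF
    for role in $adds; do run roleadm add "$role" || return 1; done
    for pair in $assigns; do
        run roleadm assign "${pair%%:*}" "${pair#*:}" || return 1
    done
}

apply_plan "$PLAN"
```

After applying, roleadm list user=username shows the resulting user-to-role mappings for a given user.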
8.5 Configuring HP-UX RBAC 155