Administrator's Guide

NOTE: See the roleadm(1m) manpage for more information.
The following two examples use the roleadm command to add new roles:
# roleadm add UserOperator
roleadm: added role UserOperator
# roleadm add NetworkOperator
roleadm: added role NetworkOperator
NOTE: The default configuration files delivered with HP-UX RBAC contain a single
preconfigured role: Administrator. By default, the Administrator role is assigned all HP-UX
system authorizations (hpux.*, *) and is associated with the root user.
After defining valid roles, you can assign them to one or more users or groups. Attempting
to assign a role that has not been created displays an error message indicating that the
role does not exist.
8.5.1.2 Assigning Roles to Users
Separating role creation from role assignment offers the following advantages:
• Requiring that roles be created before they are assigned ensures that any
  typographical errors in role names are caught during role assignment.
• Different users can perform each task. For example, the same user is not
  required to both create the roles and assign the roles.
After creating valid roles, use the roleadm command to assign them to the appropriate
users, as shown in the following examples:
# roleadm assign luman Administrator
roleadm assign done in /etc/rbac/user_role
# roleadm assign rwang UserOperator
roleadm assign done in /etc/rbac/user_role
After using the roleadm assign command to assign roles to users, you can use the
roleadm list command to verify that the roles were assigned correctly, for example:
# roleadm list
root: Administrator
luman: Administrator
rwang: UserOperator
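The verification step above can be automated by comparing the roleadm list output against an approved baseline. The following script is an added example, not part of the HP guide: the audit_roles function and the APPROVED baseline are hypothetical, and it assumes the "user: Role" line format shown above, with a comma-separated list of roles after the colon also accepted.

```sh
#!/bin/sh
# Audit `roleadm list` output against an approved baseline of role assignments.
# Assumed format (as in the listing above): one "user: Role" entry per line.
# Assumption: several roles for one user may follow the colon, comma-separated.

# Constructed baseline of approved assignments, space-separated "user:Role" pairs.
APPROVED="root:Administrator luman:Administrator rwang:UserOperator"

# audit_roles: reads roleadm-list-format text on stdin and prints one finding
# per line: UNAPPROVED (assignment not in the baseline), MISSING (baseline
# entry not present) or MALFORMED. Returns 0 when clean, 1 on any finding.
audit_roles() {
    findings=$(awk -v approved="$APPROVED" '
        BEGIN {
            n = split(approved, a, " ")
            for (i = 1; i <= n; i++) want[a[i]] = 1
        }
        /^[ \t]*$/ { next }                       # skip blank lines
        {
            colon = index($0, ":")
            if (colon == 0) { print "MALFORMED " $0; next }
            user = substr($0, 1, colon - 1)
            gsub(/[ \t]/, "", user)
            m = split(substr($0, colon + 1), roles, ",")
            for (j = 1; j <= m; j++) {
                r = roles[j]; gsub(/[ \t]/, "", r)
                if (r == "") continue
                key = user ":" r
                seen[key] = 1
                if (!(key in want)) print "UNAPPROVED " key
            }
        }
        END { for (k in want) if (!(k in seen)) print "MISSING " k }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the listing shown above (copied from this page).
printf 'root: Administrator\nluman: Administrator\nrwang: UserOperator\n' |
    audit_roles && echo "assignments match baseline"
# On a host with HP-UX RBAC installed: roleadm list | audit_roles
```

An UNAPPROVED line for the Administrator role is the finding to review first, because that role carries all HP-UX system authorizations by default.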
156 HP-UX Role-Based Access Control