Administrator's Guide

SMH integration        RBAC System Management Homepage (SMH) integration to allow the graphical management of the RBAC databases through a Web interface.
The following sections discuss the HP-UX RBAC components in more detail.
8.3.1 HP-UX RBAC Access Control Policy Switch
The HP-UX RBAC Access Control Policy Switch (ACPS) is a customizable interface between
applications that must make access control decisions and the access control policy
modules that provide decision responses after interpreting policy information in RBAC
databases. As shown in Figure 8-1, from its location in the HP-UX RBAC architecture,
the ACPS provides an interface between the access control policy modules and the
applications that make access control decisions.
The ACPS has the following interfaces, described in detail in their respective manpages:
• ACPS application programming interface (API)
• ACPS service provider interface (SPI)
• /etc/acps.conf
The administrative interface for the ACPS is the /etc/acps.conf configuration file.
The /etc/acps.conf configuration file determines which policy modules the ACPS
consults, the sequence in which the modules are consulted, and the rules for combining
the modules' responses to deliver a result to the applications that need access control
decisions. This ACPS implementation allows you to create a module to enforce custom
policy without modifying existing role-based access control applications.
NOTE: Refer to acps(4), acps.conf(4), acps_api(3), and acps_spi(3) for more information
on the ACPS and its interfaces.
8.3.2 HP-UX RBAC Configuration Files
Table 8-3 lists and briefly describes the HP-UX RBAC files.
Table 8-3 HP-UX RBAC Configuration Files

Configuration File     Description
/etc/rbac/auths        Database file containing all valid authorizations.
/etc/rbac/cmd_priv     privrun database file containing command and file authorizations and privileges.
/etc/rbac/role_auth    Database file defining the authorizations for each role.
/etc/rbac/roles        Database file defining all configured roles.
/etc/rbac/user_role    Database file defining the roles for each user.
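The descriptions in Table 8-3 imply cross-references between four of the files: every role named in user_role or role_auth should be defined in roles, and every authorization granted in role_auth should be listed in auths. The following check is an added example, not part of the guide and not HP code; the line formats it parses and all sample users, roles and authorizations are assumptions constructed for illustration, so confirm the actual syntax in the manpages before pointing it at real files.

```python
import re

# Constructed sample contents. The line formats are assumptions, not taken
# from the guide: "name: item, item" mappings and "(operation, object)" pairs.
ROLES = "Administrator\nUserOperator\n"
AUTHS = "(hpux.user.add, *)\n(hpux.user.delete, *)\n"
USER_ROLE = "alice: UserOperator\nbob: Auditor\n"
ROLE_AUTH = ("UserOperator: (hpux.user.add, *) (hpux.user.modify, *)\n"
             "Administrator: (hpux.user.delete, *)\n")

AUTH_RE = re.compile(r"\(([^,()]+),([^()]*)\)")

def lines(text):
    """Yield non-blank lines with '#' comments removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def parse_auths(text):
    """Return the set of (operation, object) pairs, whitespace-normalized."""
    return {(op.strip(), obj.strip()) for op, obj in AUTH_RE.findall(text)}

def parse_mapping(text):
    """Parse 'key: value' lines into an ordered {key: value-string} dict."""
    out = {}
    for line in lines(text):
        key, _, value = line.partition(":")
        out[key.strip()] = value.strip()
    return out

def check(roles_txt, auths_txt, user_role_txt, role_auth_txt):
    """Return (file, subject, problem) findings for dangling references."""
    roles = set(lines(roles_txt))
    auths = parse_auths("\n".join(lines(auths_txt)))
    findings = []
    for user, value in parse_mapping(user_role_txt).items():
        for role in filter(None, (r.strip() for r in value.split(","))):
            if role not in roles:
                findings.append(("user_role", user, "undefined role " + role))
    for role, value in parse_mapping(role_auth_txt).items():
        if role not in roles:
            findings.append(("role_auth", role, "undefined role " + role))
        for auth in sorted(parse_auths(value) - auths):
            findings.append(("role_auth", role, "unlisted authorization (%s, %s)" % auth))
    return findings
```

Authorizations are compared as exact strings after whitespace normalization; the example does not interpret wildcards.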