RBAC in 5.3 Question Post: 302203665

Sponsored Content

Operating Systems AIX RBAC in 5.3 Question Post 302203665 by dgaixsysadm on Monday 9th of June 2008 01:26:31 PM

06-09-2008

Registered User

Perhaps if I elaborate a little bit. I have user one 'groucho' and a second user 'karl' . I want groucho to be a user admin, with the ability to create, change, and delete user accounts. I assign him the role of ManageAllUsers and the required security group. I want Karl to be able to manage Roles, I assign Karl the ManageRoles group and the security group. I do not want groucho to be able to change, create, or delete roles. However, once I've given the group membership to groucho the command
$smit mkrole
allows me to run no problem (when Ideally he would only be able to administer user type commands)
consequently, if i run
$smit user
from Karl's account, I can also create and delete users. Neither of these Roles give any kind of benefit if they are not coupled with the secondary group membership 'security', however it seems that if I remove the roles from both users, and simply leave the security group in place, they have the same access permissions... No more, No less. Is this the way that RBAC is supposed to work in aix 5.3? I have read quite a bit about the features of ERBAC in 6.1 and I'm wondering if that is the only way to achieve the amount of granularity that I require.

Can someone offer any insights?

dgaixsysadm

View Public Profile for dgaixsysadm

Find all posts by dgaixsysadm

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

RBAC logging

Hi gurus: I have not come accross any links on the internet that shows how to set up logging in RBAC and also is it possible to get the granularity and simplicity of sudo logging in RBAC. I have heard that RBAC logs are complicated to read and not as simple and granular as sudo logs. Your help...

2. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:...

3. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the...

4. Shell Programming and Scripting

Automating RBAC with IF/Then statement

what would be easier to automate a script if/then ?

5. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"?

6. Linux

Sudo user vs RBAC

Hi all, What the difference between the sudo users & RBAC when the talk of effects after doing the above comes??? any differences between them ,kindly list ??

7. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%...

8. Solaris

RBAC related question.....

I am referring Bill Calkins(SCSA exam prep) for RBAC..actually i wanted to make a normal user to get the privilege to run a command through authorization, not through profile files... This is the exact steps given by Bill calkins.. 1.roleadd -m -d /export/home/adminusr -c...

9. HP-UX

RBAC question

hi every one i tried rbac and i made 1- role called GizaRoot 2- group called gizagroup 3- added privlage autherization called "m.k" /usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt: i assigned the role to group and add user to that group then su to user and tried to use the command ...

10. AIX

RBAC and LDAP users (AD)

Hello everyone, I am having trouble with something, and I can't find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users. So far so good, but now, we want to implement RBAC on...

LEARN ABOUT DEBIAN

moose::meta::role::method::conflicting

Moose::Meta::Role::Method::Conflicting(3pm)		User Contributed Perl Documentation	       Moose::Meta::Role::Method::Conflicting(3pm)

NAME

       Moose::Meta::Role::Method::Conflicting - A Moose metaclass for conflicting methods in Roles

VERSION

       version 2.0603

DESCRIPTION

INHERITANCE

       "Moose::Meta::Role::Method::Conflicting" is a subclass of Moose::Meta::Role::Method::Required.

METHODS

       Moose::Meta::Role::Method::Conflicting->new(%options)
	   This creates a new type constraint based on the provided %options:

	   o	   name

		   The method name. This is required.

	   o	   roles

		   The list of role names that generated the conflict. This is required.

       $method->name
	   Returns the conflicting method's name, as provided to the constructor.

       $method->roles
	   Returns the roles that generated this conflicting method, as provided to the constructor.

       $method->roles_as_english_list
	   Returns the roles that generated this conflicting method as an English list.

BUGS

       See "BUGS" in Moose for details on reporting bugs.

AUTHOR

       Moose is maintained by the Moose Cabal, along with the help of many contributors. See "CABAL" in Moose and "CONTRIBUTORS" in Moose for
       details.

COPYRIGHT AND LICENSE

       This software is copyright (c) 2012 by Infinity Interactive, Inc..

       This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

perl v5.14.2							    2012-06-28			       Moose::Meta::Role::Method::Conflicting(3pm)